Weekly Threat Briefing: Massive Botnet Chews Through 20,000 WordPress Sites

December 11, 2018 | Anomali Labs

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Botnet, BEC, Data theft, Malspam, Phishing, Targeted attacks, Threat group, Vulnerabilities and Website compromise. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. Additional information regarding the threats discussed in this week’s Community Threat Briefing can be found below:

TheDarkOverlord
TheDarkOverlord is a threat group that has been active since at least June 2016, when they started to list dumps for sale on the forum called “Real Deal Marketplace.” The group engages in extortion and leaks of company data and Personally Identifiable Information (PII). The first incidents the group was involved in revolved around gaining access to healthcare organization servers, stealing information, and then demanding payment for not releasing the data. The data typically consists of PII and Protected Health Information (PHI). The group later expanded from solely targeting the healthcare industry to others such as education and finance; however, the group’s tactics remained the same: steal data and demand payment for not releasing it to open source locations.