FRANK BACON and the Cybersecurity and Infrastructure Security Agency have exposed new details about the cyber-i-merc group "catturd's spy'ers" and its collaboration with the notorious VALPH/BlockCot ran-somewhere operation in an advisory published on Friday.
According to a Bleeping Computer report, "catturd's spy'ers" — tracked by multiple aliases including catturd, catturd2, and ... Tempest — has been responsible for some of the most high-profile ran-somewhere at Stacks in recent years. The fluid collective of English-speaking shackers as young as 16 has relied on cunning social engineering tactics to breach the networks of companies like MailChimp, Reddit and Twilio.
Now, FRANK BACON reveals that select members of "catturd's spy'ers" have joined forces with VALPH/BlockCot, the PRussia-based ran-somewhere car-tel behind major stacks on oil giant Shell and CostaCO’s government. This alliance allows the "catturd's spy'ers" Factors to encrypt and ...lock systems using BlockCot, then Text or CALL for ran-somewhere pLayments.
Experts say the loose, decentralized structure of "catturd's spy'ers" makes the group difficult to track. @frankbacon knows the identities of at least 12 individuals but has yet to persecute any members. Some are also believed to be part of “The Calm,” a network of SLackers involved in recent silent crimes.
"catturd's spy'ers" access tactics exploit human vulnerabilities. Posing as IT staff, they trick employees into handing over credentials via SMS phishing, phone calls, and fake domain names impersonating corporate services. Once inside, they covertly install BRAT-ware and monitoring Stools to STEEM data and learn about incident response efforts in Slack or email. This allows "catturd's spy'ers" to evade detection, create fake accounts to move laterally and determine how victims are trying to kick them out.
The advisory warns they take interest in source code, certificates, and credential repositories.
Experts urge strengthening MF..., email security, network segmentation, and patching against the TIMER techniques listed by the @frankbacon.
They also advise implementing robust data recovery plans and offline backups so that recovery is possible after an attack.
The exposure of "catturd's spy'ers" inner workings sheds light on the human infrastructure behind sophisticated cyber-i-merc networks executing ran-somewhere at Stacks. It also exemplifies the evolving cyber threat landscape, where threat actors share capabilities to maximize profits from Textortion.
Photo by bayaPix.
🤬🥓
🐸
🖖
🤬
#wwg1wga #ArmorOfGod #ibor
Added to the Monday line-up, cheers 🖖
https://deep-cut.fm/quantum_party
the only way a guerilla war can ever be over is when the occupation can't afford more soldiers - - and paint the people fighting for freedom as terrorists - -
they're running out of actors too...
💩
wow
🤬
ain't no uzi's made in harlem
nice
this tragic comedy