Brain Cipher is constructed from a leaked version of another popular ransomware builder, LockBit 3.0, representing an escalation in cybercriminal tactics. Leveraging insights from SentinelOne’s comprehensive analysis of LockBit 3.0, we draw parallels and distinctions between these threats to provide a clearer understanding of the evolving ransomware landscape.

Key Highlights:
-Brain Cipher Ransomware’s impact on Indonesia’s National Data Center.
-The threat actors’ use of cyberfear[.]com email aliases and TOR-based communication channels for victim interaction and payment negotiations.
-Its reliance on Initial Access Brokers (IABs) for infiltrating target environments, highlighting the use of phishing and RDP-focused exploits.
-Comparative analysis with LockBit 3.0 (LockBit Black), shedding light on the shared tactics and unique strategies employed by cybercriminals.1
-Protective measures and recommendations for organizations to safeguard against such ransomware attacks, emphasizing the role of advanced cybersecurity solutions like SentinelOne Singularity.

Watch the video to learn technical details, operational tactics, and mitigation strategies surrounding Brain Cipher Ransomware. Whether you’re a cybersecurity professional, a business leader, or simply keen on understanding the dynamics of modern cyber threats, this video offers valuable insights into protecting your digital assets in an increasingly hostile cyber environment.

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

Brain Cipher is constructed from a leaked version of another popular ransomware builder, LockBit 3.0, representing an escalation in cybercriminal tactics. Leveraging insights from SentinelOne’s comprehensive analysis of LockBit 3.0, we draw parallels and distinctions between these threats to provide a clearer understanding of the evolving ransomware landscape.

Key Highlights:
-Brain Cipher Ransomware’s impact on Indonesia’s National Data Center.
-The threat actors’ use of cyberfear[.]com email aliases and TOR-based communication channels for victim interaction and payment negotiations.
-Its reliance on Initial Access Brokers (IABs) for infiltrating target environments, highlighting the use of phishing and RDP-focused exploits.
-Comparative analysis with LockBit 3.0 (LockBit Black), shedding light on the shared tactics and unique strategies employed by cybercriminals.1
-Protective measures and recommendations for organizations to safeguard against such ransomware attacks, emphasizing the role of advanced cybersecurity solutions like SentinelOne Singularity.

Watch the video to learn technical details, operational tactics, and mitigation strategies surrounding Brain Cipher Ransomware. Whether you’re a cybersecurity professional, a business leader, or simply keen on understanding the dynamics of modern cyber threats, this video offers valuable insights into protecting your digital assets in an increasingly hostile cyber environment.

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

The company also hosted the @astonmartinf1team’s Jessica Hawkins and Tina Hausmann and its CIO, Clare Lansley, as well Chris Mullins who played for the @warriors.

We also took part in an RSAC Keynote with Chris Krebs, his successor at CISA, Jen Easterly.

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

Cuckoo Stealer relies heavily on user interaction for full execution. False authentication prompts (via AppleScript) are used to acquire a victim’s credentials.

The actors behind the Cuckoo Stealer campaign have clearly invested some resources into developing a novel infostealer rather than buying any of the ready-made offerings currently circulating in various Telegram channels and darknet forums. This, along with the rising numbers of samples we have observed since initial reporting of this threat, suggests that we will likely see further variants of this malware in the future.

Enterprises are advised to use a third party security solution such as SentinelOne Singularity to ensure that devices are protected against this and other threats targeting macOS devices in the fleet. At the time of writing the latest version of XProtect, version 2194, does not block execution of Cuckoo Stealer malware. SentinelOne customers are protected from macOS Cuckoo Stealer.

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

Cuckoo Stealer relies heavily on user interaction for full execution. False authentication prompts (via AppleScript) are used to acquire a victim’s credentials.

The actors behind the Cuckoo Stealer campaign have clearly invested some resources into developing a novel infostealer rather than buying any of the ready-made offerings currently circulating in various Telegram channels and darknet forums. This, along with the rising numbers of samples we have observed since initial reporting of this threat, suggests that we will likely see further variants of this malware in the future.

Enterprises are advised to use a third party security solution such as SentinelOne Singularity to ensure that devices are protected against this and other threats targeting macOS devices in the fleet. At the time of writing the latest version of XProtect, version 2194, does not block execution of Cuckoo Stealer malware. SentinelOne customers are protected from macOS Cuckoo Stealer.

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec

This talk introduces some of those easy pivots for Mach-O files, using North Korean samples as an initial case study. Along the way, Greg Lesnewich takes us on a tour of the North Korean clusters using Mach-O samples, how those clusters intersect, how their families relate to one another, and shows how some simple pivots can link a group’s families together.

This talk lays out the types of information this team works with, how they follow and fact-check opaque leads, and turn them into portraits of the previously unknown actors pulling the strings in cyberspace.

Ready to transform your security operations? Get a demo: https://s1.ai/Purple-AI

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec