February 2024

Cyber threats

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
Le Lab Gatewatcher D
146 429
Identified Indicators of Compromise (IOCs)
82 929
Identified compromise reports (sum of IoCs)

Highlight of the month

The international “Cronos” operation, orchestrated on February 20, 2024, marked a notable moment in the global fight against cyberthreats. It targeted the LockBit group, notorious for its ransomware activities since 2020, which we had already shed some light on in a previous editorial.
This threat actor is notably known for having caused considerable financial damage to multiple sectors, finance and healthcare in particular.

In the USA, the group has targeted some 1,700 organizations, including major corporations such as Boeing. In France alone, over 200 entities were affected, including critical infrastructures such as the Corbeil-Essonnes and Versailles healthcare establishments.

The result of close collaboration between the FBI, ANSSI, Gendarmerie Nationale and Europol, Operation Cronos led to the neutralization of a significant part of LockBit’s infrastructure. This resulted in the seizure of 34 servers in Europe, the UK and the USA, the identification and freezing of 200 cryptocurrency accounts, and the closure of 14,000 online accounts.

Access to LockBit’s publishing site and administration systems also facilitated the provision of decryption keys to victims. The operation also led to the arrest in Poland and Ukraine of two Russian nationals implicated in the worldwide distribution of this ransomware.

The importance of this operation lies not only in the scale of the seizures and arrests, but also in its role as a catalyst for other efforts to combat cybercrime worldwide. By dismantling such a preeminent player as LockBit, law enforcement has sent a strong message to the cybercrime community and is paving the way for similar initiatives in the future.

However, the impact of Operation Cronos could be short-lived. Just four days later, on February 24, the cybercriminal group defied the authorities by putting a new showcase site online, accompanied by the publication of alleged new victims. This rapid reaction demonstrates, if proof were needed, the resilience and adaptability of this type of highly structured cybercriminal network in the face of legal intervention.





Definition of the month

In the Ransomware-as-a-Service (RaaS) model, the term “affiliates” refers to cybercriminals who partner with ransomware providers (also known as “operators”) to carry out attacks. This partnership enables affiliates to use sophisticated malware developed by others, often in return for a share in the profits generated by successful attacks.

This structure enables ransomware attacks to spread more widely and rapidly, as it reduces the barriers to entry for malicious actors wishing to engage in cybercrime without possessing the technical skills to develop their own malicious tools. It also enables risk to be shared between the various players in the chain. If an operator is neutralized, its affiliates can turn to one of its RaaS competitors (and vice versa).





About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.
