Analysis of DeepSeas Cyber Threat Intelligence Rollup

June 6, 2023

I’m going to take a look at the DeepSeas Cyber Threat Intelligence report from May 2023 through the lens of what I call “The Good, The Bad, The Ugly and The Unexpected.” Shout-out to our partner Sentinel One, who does a similar take on weekly threat intel. My fellow Deeps just dropped their latest report, which is an epic deep-dive into all the current global cyber threats. The cyber threat intelligence crew at DeepSeas never stops when it comes to keeping us safe online. They are our beacon of light in the deep ocean of threats.

The Good

Snake Malware Neutralized

In a world where cyber threats often seem unstoppable, it’s refreshing to hear about victories. The Snake implant, a cyber espionage tool developed by Russia’s Federal Security Service (FSB), has been neutralized. This sophisticated tool was used to collect sensitive intelligence from high-priority targets worldwide. In a commendable effort, the FBI has taken down all infected devices in the US and is working with local authorities outside the US to provide notice of Snake infections and remediation guidance. This is a significant win for cybersecurity and a testament to the power of international cooperation.

The Bad

The Emergence of Akira Ransomware

Of course, the cyber world is not all sunshine and rainbows. The DeepSeas cyber threat intel report highlights the emergence of Akira Ransomware, a new entrant that has already made a significant impact. This group has breached corporate networks worldwide, encrypting files and demanding million-dollar ransoms. Their unique approach to their data leak site, which is jQuery-driven with a 1980s-style retro look navigated by typing in console commands, adds a chilling touch to their operations.

The Ugly

Avos Locker’s Bold Approach

Then there’s Avos Locker, a group that has taken a bold and unsettling approach to ransomware. They compromised Bluefield University, commandeering the campus emergency alert system and texting a ransom note to the entire student body. They also posted the school’s cyber insurance policy on their victim disclosure site, a move designed to put pressure on the university to pay the ransom. This audacious approach underscores the evolving tactics of cybercriminals.

The Unexpected

MOVEit File Transfer Vulnerability

The DeepSeas cyber threat intelligence report from May 2023 also sheds light on an unexpected vulnerability in MOVEit’s file transfer solution. Over the Memorial Day weekend, threat actors started exploiting this critical vulnerability, potentially linked to Fancy Bear (also known as APT28), a Russian state-aligned advanced persistent threat group. Read more from the cyber threat intel crew at DeepSeas, who wrote about this vulnerability in a threat advisory.

Dive into the DeepSeas Threat Intelligence Report, which serves as a stark reminder of the ever-evolving cyber threat landscape. It’s a testament to the tireless work of the DeepSeas crew who continue to navigate these treacherous waters, guiding us toward calmer seas. Their work is a beacon of hope in a world where cyber threats often seem insurmountable.