KELA Cyber Intelligence Research

Research

March 18, 2024

A deep dive into Akira and Black Basta negotiations

Diving into the shadowy realm of cyber extortion! KELA’s new report reveals the intricate tactics of Akira and Black Basta, two of the most formidable ransomware adversaries in 2023. Uncover their negotiation strategies, ransom demands, and the real implications of capitulating to their terms. Delve deeper into the full report for a detailed

Download the full report

Research

March 11, 2024

Chinese Cybercrime Ecosystem Report

CISA prioritized Chinese cyber threats in 2023 amidst increased state-sponsored attacks and cybercrime originating from China. Mutual growth between financially motivated cybercriminals and state-sponsored APTs within the Chinese cybercrime ecosystem is noted. KELA’s research aims to empower defenders against these evolving threats.

Download the full report

Research

August 2, 2023

Beyond Donations: How Hacktivist Groups Fund Their Operations

Through active monitoring of hacktivist groups, KELA identified a shift in their funding patterns. While traditionally relying on donations from community, it became evident that solely depending on these contributions is insufficient. In this report, KELA explores the success and failure of hacktivist groups’ various monetization efforts.

Download the full report

Research

July 25, 2023

Ransomware Victims and Network Access Sales in Q2 2023

Hold on to your hats! The ransomware and extortion pros were in full swing during the Q2 2023! KELA identified more than 1,200 victims, amounting to an increase of 41% from Q1 2023. Read the report to learn about the most prolific ransom and extortion actors, as well as their victim, top geographies, industries and main events involving ransom gangs.

Download the full report

Research

June 5, 2023

APT Groups And Their Presence In The Cybercrime Ecosystem [REPORT]

Despite the aura of sophistication surrounding APT groups, and although it is difficult to identify them in cybercrime sources, the cybercrime ecosystem is an important resource for APT groups when it comes to their operations. In this report, we show how APT groups not only access standard cybercrime sources, but are also active participants in them.

Get Report

Research

May 15, 2023

Delving Into The Emerging Infostealers Of 2023 [Report]

Information stealers continue to be a significant concern for companies in 2023 as in the last few years. The emergence of new infostealers highlights the ongoing efforts of cybercriminals to create new tools for stealing sensitive data. Read the report to learn about newly emerged infostealers, popular illicit markets and what to anticipate in 2023.

Download the full report

Research

April 10, 2023

Ransomware Victims and Network Access Sales in Q1 2023

The massive ransomware campaign that targeted thousands of ESXi servers in early 2023 highlights the continuing danger posed by ransomware and extortion groups to organizations worldwide.1 KELA observed an increase in ransomware and extortion attacks and sales of network access (an important part in ransomware gangs’ supply chain) in Q1 2023 compared

Read the full report

Research

February 1, 2023

TELEGRAM – How a Messenger Turned Into a Cybercrime Ecosystem by 2023

Telegram is a messaging app that is used by many people around the world for a variety of purposes. However, it has also become a hub for cybercrime activities, including the sale and leakage of stolen personal and corporate data, the organization of cybercrime gangs, the distribution of hacking tutorials, hacktivism and the sale of illegal physical

Read the full report

Research

January 12, 2023

The Cybercrime Inferno- 2022 Annual Report

Ransomware attacks occur when hackers gain unauthorized access to a computer system or network and hold it hostage through data encryption or threats to expose sensitive information until a ransom is paid. Get insights into the 2022 landscape of ransomware, extortion attacks, as well as trends, prevention strategies, and mitigation methods.

Read the full report

Research

December 8, 2022

Keys to the Kingdom: How Compromised Corporate Emails Have Become the Most Attractive Attack Vector for Cybercriminals

Dedicated shops provide a convenient platform for threat actors to sell a large number of compromised emails. Once purchased, these accounts can be monetized through various attack types. KELA’s analysis examines the extent of these shops used to monetize compromised emails and demonstrates how actors exploit obtained access.

Read the full report

Research

October 31, 2022

Ransomware Victims and Network Access Sales in Q3 2022

Ransomware and data-leak actors continue to operate vigorously with new gangs having emerged in Q3 2022. IABs offers continue to be in demand and to increase in quantity and price. Read on to delve into KELA’s expert analysis and get mitigation recommendations!

Read the full report

Research

October 6, 2022

Top Luxury Brands in France: Threat Landscape Report

France is a world leader in the Luxury sector. This research by KELA delves into cyber threats faced by luxury companies, emphasizing their attractiveness as targets due to holding data from affluent individuals and public figures. Moreover, compromising employee data grants attackers access to internal information for exfiltration, sale, or extortion.

Read the full report

Research

August 11, 2022

Examining Ransomware Victims and Network Access Sales in Q2 2022

Ransomware groups continue to evolve and threaten organizations and companies around the world. While some gangs reduced their activity in Q2 2022 or shut down, new actors like Black Basta emerged and continued extorting money from businesses. The report is based on KELA’s monitoring of ransomware gangs and initial access brokers’ activity in Q2.

Read the full report

Research

August 8, 2022

German Automotive Sector Cybercrime Threats Landscape Report

The German automotive sector is one of the leading sectors in Germany. It is adopting digital and automation technologies, and is therefore a valuable target for cyber criminals, from ransomware gangs to nation-state actors. In the report you’ll find new surprising findings by KELA research team as well as valuable forecasts and recommendations.

Read the full report

Research

June 2, 2022

Ransomware Victims and Network Access Sales in Q1 2022

In Q1 2022, ransomware gangs maintained their status as a major threat. They collaborated with various cybercriminals, such as initial access brokers (IABs), and aimed to conduct attacks against corporations worldwide. This report features insights and analysis from KELA’s extensive monitoring of ransomware gangs and IAB’s activity in Q1.

Read the full report

Research

May 5, 2022

2021-2022 UK Financial Sector Cyber Threat Landscape Report

This research aims to shed light on cyber threats targeting the UK’s financial sector. Due to the trend of transporting banking and financial services online, the sector is putting itself at cyber risk. Being the most likely sector to hold personal data of customers, the question of financial sector’s state of cyber security is of utmost importance.

Read the full report

Research

March 17, 2022

Beware. Ransomware. Top Trends of 2021

In this report, KELA provides insights into ransomware victims, recaps activity of ransomware groups in 2021 — both in terms of their attacks and presence on cybercrime forums — and shares exclusive findings about collaboration of ransomware actors with other cybercriminals.

Read the full report

Research

March 17, 2022

Analysis of leaked Conti’s internal data

On February 27, 2022, as a response to the Conti ransomware gang’s support of the Russian invasion of Ukraine, a suspected Ukrainian researcher leaked internal conversations of its members. KELA analyzed the leaks to understand the group’s evolution and TTPs, as well as organizational structure. Get the report to learn more!

Get Report