New Blog / DarkRaaS and CornDB: Evidence of a Coordinated Network?

Read Now

Research

research
[ajax_load_more preloaded="true" order="DESC" orderby="date" preloaded_amount="12" seo="true" id="resources" container_type="div" paging="true" paging_show_at_most="24" paging_scroll="true:100" paging_controls="false" post_type="resource" posts_per_page="24" taxonomy="resource_type" taxonomy_terms="research" taxonomy_operator="IN"]

Research

Welcome to KELA Cyber Threat Intelligence Research! Stay informed, stay protected. Our expert team monitors evolving cyber threats, analyzing cybercrime underground sources, trends, tactics, and vulnerabilities. Get ahead of bad actors with insights on emerging attack techniques, industry-specific threats, and actionable recommendations to fortify your defenses.

August 7, 2024

Unmasking Deepfakes: When Digital Deception Becomes the New Reality

Uncover the alarming rise of deepfake technology in our report, where we delve into how it’s becoming a crucial tool for cybercriminals, facilitating deception, manipulation, and fraud.
July 23, 2024

2024 Paris Olympics: Cyberattacks are Far from Fair Game

Discover the critical cyber threats facing the 2024 Paris Olympic Games and the extended risks to associated partners and participants in our comprehensive report.
July 22, 2024

Chinese Cybercrime Ecosystem [Report]

CISA prioritized Chinese cyber threats in 2023 amidst increased state-sponsored attacks and cybercrime originating from China. Mutual growth between financially motivated cybercriminals and state-sponsored APTs within the Chinese cybercrime ecosystem is noted. KELA’s research aims to empower defenders against these evolving threats.
March 18, 2024

A deep dive into Akira and Black Basta negotiations

Diving into the shadowy realm of cyber extortion! KELA’s new report reveals the intricate tactics of Akira and Black Basta, two of the most formidable ransomware adversaries in 2023. Uncover their negotiation strategies, ransom demands, and the real implications of capitulating to their terms. Delve deeper into the full report for a detailed
August 2, 2023

Beyond Donations: How Hacktivist Groups Fund Their Operations

Through active monitoring of hacktivist groups, KELA identified a shift in their funding patterns. While traditionally relying on donations from community, it became evident that solely depending on these contributions is insufficient. In this report, KELA explores the success and failure of hacktivist groups’ various monetization efforts.
July 25, 2023

Ransomware Victims and Network Access Sales in Q2 2023

Hold on to your hats! The ransomware and extortion pros were in full swing during the Q2 2023! KELA identified more than 1,200 victims, amounting to an increase of 41% from Q1 2023. Read the report to learn about the most prolific ransom and extortion actors, as well as their victim, top geographies, industries and main events involving ransom gangs.
June 5, 2023

APT Groups And Their Presence In The Cybercrime Ecosystem [REPORT]

Despite the aura of sophistication surrounding APT groups, and although it is difficult to identify them in cybercrime sources, the cybercrime ecosystem is an important resource for APT groups when it comes to their operations. In this report, we show how APT groups not only access standard cybercrime sources, but are also active participants in them.
May 15, 2023

Delving Into The Emerging Infostealers Of 2023 [Report]

Information stealers continue to be a significant concern for companies in 2023 as in the last few years. The emergence of new infostealers highlights the ongoing efforts of cybercriminals to create new tools for stealing sensitive data. Read the report to learn about newly emerged infostealers, popular illicit markets and what to anticipate in 2023.
April 10, 2023

Ransomware Victims and Network Access Sales in Q1 2023

The massive ransomware campaign that targeted thousands of ESXi servers in early 2023 highlights the continuing danger posed by ransomware and extortion groups to organizations worldwide.1 KELA observed an increase in ransomware and extortion attacks and sales of network access (an important part in ransomware gangs’ supply chain) in Q1 2023 compared
February 1, 2023

TELEGRAM – How a Messenger Turned Into a Cybercrime Ecosystem by 2023

Telegram is a messaging app that is used by many people around the world for a variety of purposes. However, it has also become a hub for cybercrime activities, including the sale and leakage of stolen personal and corporate data, the organization of cybercrime gangs, the distribution of hacking tutorials, hacktivism and the sale of illegal physical
January 12, 2023

The Cybercrime Inferno- 2022 Annual Report

Ransomware attacks occur when hackers gain unauthorized access to a computer system or network and hold it hostage through data encryption or threats to expose sensitive information until a ransom is paid. Get insights into the 2022 landscape of ransomware, extortion attacks, as well as trends, prevention strategies, and mitigation methods.
December 8, 2022

Keys to the Kingdom: How Compromised Corporate Emails Have Become the Most Attractive Attack Vector for Cybercriminals

Dedicated shops provide a convenient platform for threat actors to sell a large number of compromised emails. Once purchased, these accounts can be monetized through various attack types. KELA’s analysis examines the extent of these shops used to monetize compromised emails and demonstrates how actors exploit obtained access.
October 31, 2022

Ransomware Victims and Network Access Sales in Q3 2022

Ransomware and data-leak actors continue to operate vigorously with new gangs having emerged in Q3 2022. IABs offers continue to be in demand and to increase in quantity and price. Read on to delve into KELA’s expert analysis and get mitigation recommendations!
October 6, 2022

Top Luxury Brands in France: Threat Landscape Report

France is a world leader in the Luxury sector. This research by KELA delves into cyber threats faced by luxury companies, emphasizing their attractiveness as targets due to holding data from affluent individuals and public figures. Moreover, compromising employee data grants attackers access to internal information for exfiltration, sale, or extortion.
August 11, 2022

Examining Ransomware Victims and Network Access Sales in Q2 2022

Ransomware groups continue to evolve and threaten organizations and companies around the world. While some gangs reduced their activity in Q2 2022 or shut down, new actors like Black Basta emerged and continued extorting money from businesses. The report is based on KELA’s monitoring of ransomware gangs and initial access brokers’ activity in Q2.
August 8, 2022

German Automotive Sector Cybercrime Threats Landscape Report

The German automotive sector is one of the leading sectors in Germany. It is adopting digital and automation technologies, and is therefore a valuable target for cyber criminals, from ransomware gangs to nation-state actors. In the report you’ll find new surprising findings by KELA research team as well as valuable forecasts and recommendations.
June 2, 2022

Ransomware Victims and Network Access Sales in Q1 2022

In Q1 2022, ransomware gangs maintained their status as a major threat. They collaborated with various cybercriminals, such as initial access brokers (IABs), and aimed to conduct attacks against corporations worldwide. This report features insights and analysis from KELA’s extensive monitoring of ransomware gangs and IAB’s activity in Q1.
May 5, 2022

2021-2022 UK Financial Sector Cyber Threat Landscape Report

This research aims to shed light on cyber threats targeting the UK’s financial sector. Due to the trend of transporting banking and financial services online, the sector is putting itself at cyber risk. Being the most likely sector to hold personal data of customers, the question of financial sector’s state of cyber security is of utmost importance.
March 17, 2022

Beware. Ransomware. Top Trends of 2021

In this report, KELA provides insights into ransomware victims, recaps activity of ransomware groups in 2021 — both in terms of their attacks and presence on cybercrime forums — and shares exclusive findings about collaboration of ransomware actors with other cybercriminals.
March 17, 2022

Analysis of leaked Conti’s internal data

On February 27, 2022, as a response to the Conti ransomware gang’s support of the Russian invasion of Ukraine, a suspected Ukrainian researcher leaked internal conversations of its members. KELA analyzed the leaks to understand the group’s evolution and TTPs, as well as organizational structure. Get the report to learn more!