
8Base Ransomware Surge; SmugX Targeting European Governments; Russian-Linked DDoS Warning
Surge in 8Base Ransomware Operations Raises Questions of Connections to Phobos and RansomHouse
In June 2023, activity related to 8Base ransomware operations increased significantly, although the exact reason for this surge remains unknown. [1]
Messages listed on the group’s onion site indicate that it has been active since at least April 2022. The actor uses a double extortion technique, exfiltrating and encrypting sensitive data and threatening to publish it if the ransom is not paid in time. 8Base has compromised organizations globally, spanning multiple sectors.
OSINT reporting shows similarities between 8Base and RansomHouse – another ransomware operation. The ransom notes used by both operations share a 99% similarity, indicating a strong connection. Furthermore, the language used on the 8Base leak site closely resembles that of RansomHouse, suggesting a potential link between the two groups.
There are also some differences between 8Base and RansomHouse. While RansomHouse openly advertises its partnerships and actively recruits for collaborations, 8Base does not engage in such practices. Moreover, the layout and structure of the 8Base leak site differ from those of RansomHouse, further distinguishing the two operations.
There are also parallels between 8Base and another ransomware group known as Phobos. Phobos used the file extension “.8base” for its encrypted files in the past. According to VMware, a “comparison of Phobos and the 8Base sample revealed that 8Base was using Phobos ransomware version 2.9.1”. Since Phobos was available as a ransomware-as-a-service (RaaS) offering, it is plausible that the actor modified the variant to suit their own needs.
It is yet to be determined if 8Base is a derivative of Phobos or RansomHouse.
*** This is a Security Bloggers Network syndicated blog from EclecticIQ Blog authored by Jörg Abraham. Read the original post at: https://blog.eclecticiq.com/8base-ransomware-surge-smugx-targeting-european-governments