BlackCat on the Run, FBI Online Crime Statistics and BEC Targeting the US Government.

BlackCat/APLHV is continuing to follow their routine of patterns. In their latest stunt, they have put a fake site takedown alert on their darknet site. ALPHV has been known to pull Exit Scams before so they will likely re-brand themselves in the near future. This classic exit scam comes in light of UnitedHealth being ransomed by the group and allegedly paying out a $20 Million USD Ransom. The National Crime Agency told Reuters that it was not involved in a takedown of ALPHV as the group's website suggests.

Dmitry Smilyanets of Recorded Future shared a screenshot of a darknet post where known BlackCat affiliate Notchy, claims that the group was “screwed over by the feds” and that they intended to sell their source code. The screenshot is shared below.

Moving on, the FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report. That report can be found here. After looking over the report there are some key statistics to look at, in 2023 total reported losses due to cybercrime were up 22% from 2022. The total reported loss hit a staggering $12.5 Billion USD. The total loss count for the last 5 years is $37.4 Billion USD. I would definitely recommend going and reading through the IC3 report for yourself.

Sticking to the government sector, TA4903 has been impersonating government entities through Business Email Compromise (BEC). TA4903 specializes in BEC and they have been active since at least 2019. Proofpoint recently shared an email that is being sent by the group that is utilizing a QR code to direct users to a fake bidding page for jobs with the Department of Agriculture.

The threat actor has been known to register domains that are similar to known government entities to aid in their campaigns. Proofpoint also noted that the actor seems to be moving away from targeting government entities and has begun looking at smaller organizations.