How Flashpoint Shaped the News: A Year of Blogs and Press

This year, Flashpoint intelligence analysts worked with reporters at a variety of publications serving a variety of audiences across the private and public sectors. Their expertise – along with many of the 150 new blogs we published in 2022 – was featured in The Wall Street Journal, Axios, Washington Post, THE CABLE, Financial Times, Bloomberg, Dark Reading, ThreatPost, Bleeping Computer and many other news outlets, linked below, that produce the journalism you read daily.
We’ve organized a list of some of the most important Flashpoint blogs and press clippings from the year that was. Together, they illustrate Flashpoint’s intelligence, innovations and impact in helping organizations address a wide variety of cyber and physical security challenges.
Contributing to the vulnerability intelligence landscape
Discovering new vulnerabilities
Amid numerous reports from federal cybersecurity agencies that Advanced Persistent Threats (APTs) were targeting vulnerable network routers and devices, our internal vulnerability research team discovered two critical vulnerabilities affecting NetModule Router Software (SC Magazine).

Organizations that deploy NetModule router software may be vulnerable to exploitation
Flashpoint’s vulnerability research team discovers new vulnerabilities and works closely with vendors and customers to ensure these issues are resolved.
Shedding light on recently disclosed zero-days and other critical vulnerabilities
2022 introduced many new vulnerabilities. But when new cases catch the attention of the media or of threat actors themselves, security teams often struggle to triage them, because actionable details are not yet available in CVE at the time of disclosure. As such, we made sure we helped clear the air on several widely requested vulnerabilities, such as SpringShell (VentureBeat), Text4Shell (The Hacker News) and the zero-days affecting Microsoft’s Exchange Server software (The Record).
Security teams, often struggling with their workloads, need a comprehensive source of vulnerability information. It’s also important that organizations understand how CVE’s passive approach to vulnerability aggregation is negatively impacting their teams:

Why the full vulnerability intelligence picture depends on data beyond CVE and NVD
If your risk models are missing a third of all known vulnerabilities, are they effective?
Tracking illegal marketplaces and threat actor activity
Fraud forums
Earlier this year, we observed that Raid Forums, a popular illegal online community known for its high-profile, large-scale database leaks, was suddenly seized by an unknown party. Raid Forums had been running unhindered since 2015, but no official authorities or other cyber threat groups claimed responsibility for shutting down the domain. Three weeks later, Breach Forums took Raid Forums’ place and positioned itself as the successor.

Breach Forums markets itself as a successor to Raid Forums
About three weeks after Raid Forums was seized, a threat actor launched an alternative illegal hacking community called Breach Forums.
Follow the story on TechTarget, PC Magazine and Hacker News.
Alphabay
Before AlphaBay’s shutdown in 2017, it was considered one of the most popular darknet marketplaces, selling a wide range of illegal goods and services. Now it is back to its former glory with plans for innovation. One year after its re-emergence, we posted what we saw and what we think will come next for AlphaBay Market. Our AlphaBay-related intelligence research was featured in THE CABLE, among other outlets.

AlphaBay turns 1—again: Analyzing the impact of the AlphaBay Market
One year after AlphaBay resurfaced, AlphaBay has become one of the largest illegal marketplaces on the darknet.
LAPSUS$
APTs, threat actors and ransomware groups have been quite prolific this year, but so have we – our analysts have been hard at work describing their illicit activities.
“Many of LAPSUS$’s recruitment ads are written in both English and Portuguese. According to cyber intelligence firm Flashpoint, the bulk of the group’s victims (15 of them) have been in Latin America and Portugal.”
Krebs on Security
Among many threat actor groups, LAPSUS$ made serious headlines this year. Initially targeting Latin American and Portuguese organizations in 2021, LAPSUS$ has since expanded its scope, breaching well-known organizations such as Nvidia, Microsoft and Okta. Despite the sophistication of these attacks, there were rumors that the group was possibly led by teenagers, or had teenagers in its ranks (Bloomberg) — a theory that Flashpoint analysts helped confirm.

What we know about the “Grand Theft Auto VI” data breach.
This data breach adds to the growing list of cyber attacks experienced by organizations in the gaming industry.
On September 18, a threat actor named “tea pot chopper” posted on an online forum claiming to have hacked Rockstar Games, creator of the popular and controversial Grand Theft Auto (GTA) video game series. Our analysts quickly noticed that several sources in monitored illegal channels had linked tea pot chopper to the recent Uber hack, and also said he was a member of LAPSUS$ — and a minor. Read about the aftermath of our findings in The CyberWire, The Hacker News and ITWorldCanada’s follow-up stories.
Cyber meets kinetic: Russia’s invasion of Ukraine
Before Russian troops invaded Ukraine, there was a trail of cyber intelligence apparently leading to a potential conflict. Two days before the war, US intelligence noted that Russia had massed 190,000 troops along the Ukrainian border. At the time there were no visible signs of fighting between the two nations, but our analysts observed that much of the “action” was taking place on the internet, as both Ukrainian nationalists and Russian-aligned groups scrambled to recruit people to their causes, with cybercriminal groups also joining the fight.
“Researchers at threat intelligence group Flashpoint said they have tracked close to 50 hacker groups that have now joined the latest cyber effort, with the majority supporting Ukraine and several financially motivated criminal groups, such as the Conti ransomware group, declaring allegiance to Russia.”
Financial Times
When Russia declared war on Ukraine, we offered free access to our intelligence to help the countries and organizations that would be affected by the crisis. The Cybersecurity and Infrastructure Security Agency (CISA) saw increased activity from Russian APTs, and in response, President Biden announced the Shields Up campaign, further emphasizing the need for detailed vulnerability information. As the war continued, we saw the Conti ransomware group declare its allegiance to Russia, as well as other groups like Killnet – who would cooperate on “doomsday” – bombarding Lithuania with relentless DDoS attacks.
Our analysts are continuously monitoring the crisis, and have observed the digital ripple effect the war has had on Russia’s black market and its cybercriminal underground.
Since the war is ongoing, there will be more updates and more stories to cover. To stay up-to-date on Flashpoint’s coverage of the Ukraine-Russia war, bookmark the Timeline of Russia’s Invasion of Ukraine: Cyber and Physical Warfare post, which is constantly updated with the latest news:

Timeline of Russia’s Invasion of Ukraine: Cyber and Physical Warfare
A compilation of Flashpoint coverage of the Russia-Ukraine war, from cyberattacks on infrastructure to illegal funding of mercenary groups.
Stay informed with Flashpoint
Something new is happening every day, and the incessant noise can make it difficult for security teams to protect their organizations effectively. That’s why the analysts and writers at Flashpoint are dedicated to providing you with details and updates on the most important threat-related current events you need to be aware of. To stay updated, bookmark our Threat Intel blog. Sign up for a free trial to access Flashpoint’s best threat and vulnerability intelligence.