DataBreaches and Marco A. De Felice (aka @amvinfe) of SuspectFile have often shared information with each other about threat actors or incidents, including what may appear to be second attacks or may just be a re-listing of a previous attack. He has recently taken a look at listings of data claimed by two or more groups to determine whether they are unique breaches or a resale or re-listing of previously breached data. In a new post, he writes:
In recent years, cybersecurity has faced an increasingly complex threat: collaboration among cybercriminal groups. It is now common to observe the same set of data being released by multiple malicious actors, with timelines ranging from a few days to several months. This phenomenon can be attributed to two main scenarios:
- Intentional collaboration among groups, where resources and information are exchanged strategically.
- Resale or sharing of exfiltrated data, where the initial attacker provides information to multiple actors.
Among the key players in these events is the Meow Leaks group, known for claiming “exclusive” attacks. However, a closer analysis reveals that in at least seven recent cases, listed in the table below, the declared victims’ names had already been disclosed by other actors. This raises suspicions that the group may not be the original perpetrator of the breaches but rather an intermediary in the resale or reuse of stolen data.
Read more at SuspectFile.