Overview of the Russian-speaking infostealer ecosystem: the logs.

In the first part of this two-part blog post on the Russian-speaking infostealer ecosystem, Sekoia.io analysts highlighted the main distribution channels used by cybercriminals to spread their infostealers to a wide audience. In this second part, we share our analysis of the phenomenon of large-scale data theft, focusing notably on “logs”, i.e. the stolen data collected by infostealers. Since both financially motivated and state-nexus threat actors add infostealers to their malware toolsets, Sekoia.io monitors and analyses this infostealer ecosystem in depth to follow its trends.

This blog post presents the life cycle of logs, the cybercrime marketplaces dedicated to logs, and the notable schemes recently used by threat actors to exploit the stolen data. It is based on the monitoring of threat actors’ activities on underground forums and Telegram channels, as well as on open source reports.
