The author
Research Team
The Cyberint Research Team works round the clock to unearth the latest threats to SMBs and enterprises. They are on top of the latest TTPs and monitor rising threat groups, malware and trends.
New Cyber Alliance: The Five Families Telegram Channel
First Published: August 29th 2023
Updated: September 12th 2023
The Cyberint research team has discovered a new Telegram channel called “The Five Families,” purportedly marking the start of a collaboration among five distinct threat actor groups:
- ThreatSec
- GhostSec
- Stormous
- Blackforums
- SiegedSec
This channel, which was established just a few hours ago, has already amassed nearly 400 subscriptions. Currently, it contains only one message:
This message has been shared across the official channels of the above-mentioned collaboration groups, signifying their approval of this joint effort. Allegedly, The Five Families consists of five representatives from each threat actor group, and they have already committed to sharing information about their coordinated attacks in the near future, forming an alarming new cybercrime syndicate.
Partnerships Emerging Among Threat Actors
It’s noteworthy that this is not the first instance of such collaboration and cooperation among threat actor groups. Within this very collective, a recent example involves the partnership between GhostSec, a hacktivist group, and Stormous, a ransomware group. This partnership was openly acknowledged and detailed. Just last week, GhostSec disclosed its involvement in a collaborative initiative with Stormous and other partners aimed at targeting the European digital services company Econocom Group. As part of this operation, GhostSec has already made a substantial amount of data (70GB) publicly accessible, along with selected samples.
The collaboration between GhostSec and Stormous formally commenced on July 13, 2023, with GhostSec announcing it on their Telegram channel, a declaration that was also echoed by Stormous. The partnership was driven by their shared opposition to Cuba, prompting joint attacks on various Cuban institutions, including the Department of Culture, the Ministry of Education, and the National Council for Culture.
Furthermore, GhostSec has connections to another member of “The Five Families” – SiegedSec. GhostSec and SiegedSec have been linked on several occasions. YourAnonWolf, a prominent threat actor, publicly announced his affiliation with GhostSec and SiegedSec in the image below, where the threat actor states that they were once a GhostSec member and that they co-founded SiegedSec (Figure 5).
Recent Five Families Attacks
Alfacomercial-.com.br
On the 30th of August 2023, the Five Families launched a cyber attack on Alfacomercial-.com.br, claiming to have accessed 230GB of data from the company’s cloud systems. They allege that this data contains customer data, financial information, internal documents and company software.
Biostar
“Five Families” has openly acknowledged its involvement in a cyber attack against Biostar, a global manufacturer of computer hardware accessories headquartered in Taiwan. This attack led to the unauthorized acquisition of sensitive data belonging to both customers and employees of Biostar.
Impact and Future Scenarios
The formation of this joint entity and its disclosure of forthcoming collaborative attacks are not exceptionally unexpected for the Cyberint research team, which is closely monitoring the cooperation among the threat actor groups that make up The Five Families as well as joint actions by other threat actor groups. Even so, this announcement is still very concerning.
The increasing trend of threat actor groups joining together for collaborative efforts is raising significant concerns, and we expect the trend to continue and even grow. These groups realize that collective action enhances their power and efficiency and allows for more impactful attacks, both operationally and in terms of public relations. These collaborations yield results that go beyond the capabilities of individual groups. Such partnerships often attract attention from supporters of all participating parties, increasing the impact on the targeted organizations. By pooling their resources and tapping into each other’s unique strengths, these groups benefit mutually.
The Cyberint Research Team anticipates the continuation of such collaborations in the near future, with more groups likely to join forces for more powerful attacks. While previous collaborations primarily revolved around the trade and outsourcing of malware and tools, the trend has evolved to encompass more comprehensive mutual campaigns and infrastructures.
These collaborations make threat actor groups stronger, and the potential consequences are alarming. They present a significant danger to the security and stability of the countries and organizations they target worldwide.
Cyberint and the Dark Web
Cyberint excels in accessing high-tier sources that remain elusive to most companies. Our unique ability to penetrate these hidden corners enables us to collect and analyze invaluable data. We enrich our automated collection with a human approach, through research and analysis by our military-grade expert team.
Find new sources in deep and dark web marketplaces, forums, and sites, even if those sources are volatile and difficult to track. Get deep analysis and reports that allow you to understand and profile a specific threat actor or group, including the places of operation, targeted countries or verticals, TTPs and more. Get a demo and see what assets you have exposed on the deep & dark web.