Skip to content Skip to footer

Advanced Threat Research Report October 2021

Published by: McAfee

As 2021 progressed through its second quarter and into the third, cyber criminals introduced new—and updated—threats and tactics in campaigns targeting prominent sectors. Ransomware campaigns maintained their prevalence while evolving their business models to extract valuable data and millions in ransoms from enterprises big and small.
DarkSide's highly publicized attack on Colonial Pipeline's gas distribution dominated cybersecurity headlines in May. MVISION Insights quickly identified DarkSide's early prevalence of targets within the United States, primarily Legal Services, Wholesale and Manufacturing, Oil, Gas, and Chemical sectors.
Shutting down a major U.S. gas supply chain grabbed the attention of public officials and Security Operations Centers, but equally concerning were other ransomware groups operating similar affiliate models. Ryuk, REvil, Babuk, and Cuba ransomware actively deployed business models supporting others' involvement to exploit common entry vectors and similar tools. These, and other groups and their affiliates, exploit common entry vectors and, in many cases, the tools we see being used to move within an environment are the same. Not long after DarkSide's attack, the REvil gang stole the spotlight using a Sodinokibi payload in its ransomware attack on Kaseya, a global IT infrastructure provider. REvil/ Sodinokibi topped our list of ransomware detections in Q2 of 2021.
Download now and read McAfee's Advanced Threat Research Report.

Read More

By submitting this form you agree to McAfee contacting you with marketing-related emails or by telephone. You may unsubscribe at any time. McAfee web sites and communications are subject to their Privacy Notice.

By requesting this resource you agree to our terms of use. All data is protected by our Privacy Notice. If you have any further questions please email

digital route logo
Lang: ENG
Type: Whitepaper Length: 18 pages

More resources from McAfee