Farnetwork, The Ransomware Prodigy

Nov 09 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s like a 1980’s mix tape, bringing you hit after hit ????

Today’s hottest cybersecurity news stories:

  • ????‍♂️ Farnetwork exposes its RaaS business via interview with undercover ????️

  • ???? Visa launches ‘payments learning program’ focusing on cybersecurity ????

  • ☠️ Lazurus-linked ‘BlueNoreoff’ is back and it’s coming for your crypto ????

Hackers: Name one time you went above and beyond for customer (Denial-of-)service  ????????????




???? Meet Farnetwork: The Ransomware Prodigy! ????

???? In the latest scoop from the cybersecurity world, researchers have unveiled a notorious threat actor known as Farnetwork. This cybercriminal has been making waves for the past four years, playing a key role in five different ransomware-as-a-service (RaaS) programs. ????

????️‍♂️ Getting to Know the Villain ????️‍♂️

Singapore-based Group-IB managed to peek behind the curtains of the Nokoyawa ransomware-based RaaS.

They even had a “job interview” with Farnetwork! This sneak peek uncovered Farnetwork’s dark history, which began in 2019.

They dabbled in various ransomware projects like JSWORM, Nefilim, Karma, Nemty, and eventually launched their own RaaS program using Nokoyawa ransomware. ????

???? Cybercriminal history ????

Farnetwork doesn’t just have one name; they go by many aliases like Farnetworkit, Jingo, and more on underground forums. They initially offered a remote access trojan called RazvRAT.

???? Broadening Horizons ????

In 2022, Farnetwork shifted their focus to Nokoyawa and even created a botnet service for their affiliates to access compromised corporate networks. They’ve been recruiting talent to deploy ransomware and demand ransom from victims using stolen credentials.

???? The RaaS Game ????

RaaS affiliates get 65% of the ransom, while Farnetwork gets 20%, and the ransomware developer gets 15%. This innovative approach streamlines the ransomware operation but reduces affiliates’ payouts.

???? What’s Next? ????

Although Nokoyawa ceased operations in October 2023, don’t be surprised if Farnetwork reemerges under a different name and with a new RaaS program. According to experts, Farnetwork is one of the most active players in the RaaS market.

Stay vigilant, stay safe, and watch out for the next cyber thriller! ????️????????


Clean your Mac or PC


Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

Credit where credit’s due eh? ????????????




???? Visa Launches Cybersecurity Training Program ????

Visa has unveiled a payments learning program to address the growing need for skilled cybersecurity professionals.

The program will offer online courses and certifications to equip workers, students, and military personnel with vital cybersecurity skills, aiming to create a diverse talent pool.

Initially focused on payment cybersecurity, Visa’s move aligns with the White House National Cybersecurity Strategy Implementation Plan’s call to foster cybersecurity careers.

???? Visa’s Vision: A Cyber-Savvy Workforce ????‍????

While currently available only in the U.S., Visa plans to expand the program worldwide. Visa’s CISO, Subra Kumaraswamy, envisions “industry-recognized training and certification” for diverse global communities.

Visa provides an apprenticeship track offering introductory cybersecurity training and on-the-job experience. There’s also a military track, catering to veterans, reservists, and military spouses.

????️ Apprenticeships and Military Training ????

The launch of this program is timely, given the industry’s talent deficit. With 3.5 million unfilled cybersecurity positions this year, Visa is working to bridge the gap and enhance the payments industry’s security.

???? Closing the Talent Gap: A Vital Mission ????

Visa plans to expand the apprenticeship program for payments cybersecurity and introduce one related to software engineering. They already have similar programs in Europe and the Asia-Pacific region.

???? Rising Threat: The Challenge of Payment Fraud ????

As the cybersecurity workforce shortage continues, payment fraud is on the rise. Visa’s initiative aims to safeguard sensitive data, prevent losses, adhere to regulations, and build trust with consumers.

???? Global Challenge: Protecting Financial Futures ????

Global financial firms are projected to face $40.62 billion in losses from financial fraud by 2027, emphasising the importance of cybersecurity in the payments industry.

???? Visa’s Commitment: Building a Secure Tomorrow ????️????????

Visa says its committed to building a diverse and equitable cybersecurity talent pipeline, enhancing industry security, and protecting financial institutions and consumers.

Stay tuned for more updates on Visa’s mission to bolster the cybersecurity workforce! ????️

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Cryptic by name, crypto by nature ????????????




????️ New Malware Linked to BlueNoroff APT Group Uncovered ????

????️‍♂️ Security researchers have unearthed a fresh malware variant believed to be associated with the financially motivated BlueNoroff Advanced Persistent Threat (APT) group. BlueNoroff often targets cryptocurrency exchanges, venture capital firms, and banks in its campaigns.

???? Threat Hunting ????????????

???? Discovered during routine threat hunting, the malware, named “ObjCShellz,” stands out due to its interaction with a known malicious domain. What’s concerning is that a legitimate cryptocurrency exchange also operates under a similar domain, raising red flags.

???? Rustbucket returns ????

???? BlueNoroff’s Rustbucket campaign involves disguising as investors or headhunters to infiltrate targets, aligning with the latest discovery. The malware executes remote shell commands, providing attackers with control over compromised systems.

???? Online again off again ????

???? The malicious domain, registered in May 2023, eventually went offline after analysis. While the initial access method remains unclear, the malware likely serves as a late-stage tool in multi-stage attacks.

Stay vigilant as cybersecurity researchers continue to uncover threats from this APT group. ????????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles