Full Report
After posting something about a new report on cbsecurity[.]net by Dos-OP on Nova RaaS, Nova contacted me to complain, dispute the claims, and accuse me of being an unprofessional journalist. Once they made contact, I told him I would forward his criticisms to Dos-OP for their response, even though, as Dos-OP pointed out to me, Nova...
Analysis Summary
This document summarizes an **information security event** stemming from the public disclosure of a report concerning the Nova Ransomware-as-a-Service (RaaS) operation. The incident details focus on the post-publication communication and dispute rather than a technical breach of a victim organization.
# Incident Report: Response to Nova RaaS Disclosure
## Executive Summary
Following the journalist's publication of a report by Dos-OP detailing the Nova RaaS operation, the Nova RaaS group contacted the journalist to dispute the findings and criticize the reporting. The journalist mediated by forwarding the criticisms to Dos-OP, who subsequently provided evidence to support their claims, leading to an update of the original report.
## Incident Details
- Discovery Date: November 30, 2025 (Date of original report publication, triggering contact)
- Incident Date: Shortly after November 30, 2025 (When Nova contacted the journalist)
- Affected Organization: Nova RaaS (Target of the investigation/reporting)
- Sector: Cybercrime/RaaS Operations
- Geography: Not specified (Implied international due to RaaS operation)
## Timeline of Events
### Initial Access
- Date/Time: Undetermined, post-publication of Dos-OP report.
- Vector: Direct contact initiated by Nova RaaS via communication channels utilized by the journalist (e.g., email, direct message).
- Details: Nova complained, disputed the claims made in the Dos-OP report, and accused the journalist of unprofessionalism.
### Lateral Movement
- N/A (This event relates to information exchange and dispute, not network compromise.)
### Data Exfiltration/Impact
- N/A (No direct impact via technical compromise detailed; impact is reputational/informational.)
### Detection & Response
- Detection: Nova RaaS initiating contact.
- Response Actions: The journalist informed Nova that their criticisms would be forwarded to Dos-OP. Dos-OP subsequently responded to the journalist's forwarded questions, providing evidence (screenshots, proof) for their claims. The original post was updated to include Nova's rebuttal and Dos-OP's defense.
## Attack Methodology
*Note: Since this is an information dispute rather than a technical compromise, standard MITRE ATT&CK classifications are adjusted to reflect communication vectors.*
- Initial Access: Direct communication (Contact initiated by the adversary group, Nova).
- Persistence: N/A
- Privilege Escalation: N/A
- Defense Evasion: N/A
- Credential Access: N/A
- Discovery: N/A
- Lateral Movement: N/A
- Collection: N/A
- Exfiltration: N/A
- Impact: Reputational challenge/disinformation attempt against the report author.
## Impact Assessment
- Financial: Not applicable/Unknown.
- Data Breach: No indication of a data breach or system compromise related to the reporting activity.
- Operational: No operational disruption to the journalist or Dos-OP was noted.
- Reputational: The incident resulted in an active, public dispute regarding the accuracy of the investigative report, necessitating an amendment to the original publication.
## Indicators of Compromise
- Network Indicators: N/A
- File Indicators: N/A
- Behavioral Indicators: Attempt by subject group (Nova) to pressure or discredit reporting sources.
## Response Actions
- Containment: The journalist contained the situation by acting as an intermediary, forwarding communications to the original source (Dos-OP).
- Eradication: N/A
- Recovery: Recovery involved updating the original article to incorporate the dispute and Dos-OP's supporting evidence.
## Lessons Learned
- Investigative reporting involving high-profile threat groups often invokes direct pushback or attempts at reputation damage from the subjects of the investigation.
- Maintaining clear documentation and evidence (as Dos-OP provided) is crucial when claims are publicly disputed.
- Information sharing with law enforcement regarding certain findings has already commenced.
## Recommendations
- Future investigations should anticipate direct, adversarial communication post-publication from heavily scrutinized entities like RaaS groups.
- Ensure all evidentiary support for controversial claims is secured and ready for immediate verification if challenged publicly.