The ransomware group Black Basta disbanded after its internal chats leaked, but its tactics, above all pairing mass email spam with Microsoft Teams phishing, continue to be used by former members and new groups. Newer variants of the playbook add Python script execution with cURL for payload delivery, which puts a premium on user awareness and on detecting that sequence early. #BlackBasta #MicrosoftTeamsPhishing #CactusRaaS
Tag: INITIAL ACCESS

CyberEye, also known as TelegramRAT, is a modular .NET-based Remote Access Trojan that uses the Telegram Bot API for command and control, giving it covert surveillance and data theft over a trusted service without any attacker-owned infrastructure. Its capabilities include credential harvesting, defense evasion by disabling Windows Defender, clipboard hijacking, and persistence via scheduled tasks. #CyberEye #TelegramRAT #TelegramBotAPI
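A RAT that uses the Telegram Bot API has one fixed, detectable shape: every call goes to api.telegram.org/bot&lt;token&gt;/&lt;method&gt;, it polls getUpdates to fetch operator commands, and it pushes loot with sendDocument and friends. The following added example (not code from the CyberEye write-up or from any vendor) runs that detection over a few constructed proxy-log lines; the log format, IPs and bot tokens are made up, and the token shape (numeric bot id, colon, opaque secret) is assumed from Telegram's documented format. It also handles the common failure mode: without TLS inspection the proxy only logs CONNECT api.telegram.org:443, so the host is visible but the token and method are not.

```python
import re

# Added example, not the RAT's or any vendor's code. Log lines, IPs and tokens are constructed.

# Bot API calls look like https://api.telegram.org/bot<token>/<method>. The token shape
# (numeric bot id, colon, 30+ char secret) is an assumption drawn from Telegram's docs.
TOKEN_RE = re.compile(r"api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]{30,})/([A-Za-z]+)")

# One squid/CLF-style proxy line: client_ip ident user [ts] "VERB url proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<verb>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)

POLL_METHODS = {"getUpdates"}                               # pulling operator commands
EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendVideo"}  # pushing files out


def _new_stats():
    return {"polls": 0, "exfil": 0, "other": 0, "connects": 0, "methods": set()}


def scan_proxy_log(lines):
    """Return {src_ip: {bot_id: stats}} for every client that talked to the Bot API."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, verb, url = m["src"], m["verb"], m["url"]
        if verb == "CONNECT" and url.startswith("api.telegram.org:"):
            # TLS tunnel without inspection: host is visible, token and method are not.
            stats = hits.setdefault(src, {}).setdefault("<opaque-tls>", _new_stats())
            stats["connects"] += 1
            continue
        t = TOKEN_RE.search(url)
        if not t:
            continue
        bot_id, method = t.group(1), t.group(3)
        stats = hits.setdefault(src, {}).setdefault(bot_id, _new_stats())
        stats["methods"].add(method)
        if method in POLL_METHODS:
            stats["polls"] += 1
        elif method in EXFIL_METHODS:
            stats["exfil"] += 1
        else:
            stats["other"] += 1
    return hits


def verdict(stats, poll_threshold=3):
    """Repeated getUpdates polling or any file upload from a workstation is RAT-like.
    A single sendMessage may be a legitimate alerting script, so it only earns a review."""
    if stats["exfil"] > 0 or stats["polls"] >= poll_threshold:
        return "likely-c2"
    return "review"


def triage(lines, poll_threshold=3):
    """Map (src_ip, bot_id) to a verdict; bot_id is the lookup key for blocking the bot."""
    return {
        (src, bot_id): verdict(stats, poll_threshold)
        for src, bots in scan_proxy_log(lines).items()
        for bot_id, stats in bots.items()
    }


# Constructed sample: 10.0.0.5 beacons like a RAT, 10.0.0.9 sends one message,
# 10.0.0.7 is only seen through an uninspected TLS tunnel.
_T1 = "123456789:AAHx9_fakeTOKENfakeTOKENfakeTOKEN12"
_T2 = "987654321:BBexampleEXAMPLEexampleEXAMPLE0000"
SAMPLE_LOG = [
    f'10.0.0.5 - - [12/Jun/2025:08:00:01 +0000] "GET https://api.telegram.org/bot{_T1}/getUpdates?offset=1 HTTP/1.1" 200 214',
    f'10.0.0.5 - - [12/Jun/2025:08:00:06 +0000] "GET https://api.telegram.org/bot{_T1}/getUpdates?offset=1 HTTP/1.1" 200 214',
    f'10.0.0.5 - - [12/Jun/2025:08:00:11 +0000] "GET https://api.telegram.org/bot{_T1}/getUpdates?offset=2 HTTP/1.1" 200 310',
    f'10.0.0.5 - - [12/Jun/2025:08:00:16 +0000] "GET https://api.telegram.org/bot{_T1}/getUpdates?offset=3 HTTP/1.1" 200 214',
    f'10.0.0.5 - - [12/Jun/2025:08:00:20 +0000] "POST https://api.telegram.org/bot{_T1}/sendDocument HTTP/1.1" 200 98',
    f'10.0.0.9 - - [12/Jun/2025:08:01:00 +0000] "POST https://api.telegram.org/bot{_T2}/sendMessage HTTP/1.1" 200 120',
    '10.0.0.7 - - [12/Jun/2025:08:02:00 +0000] "CONNECT api.telegram.org:443 HTTP/1.1" 200 0',
    '10.0.0.7 - - [12/Jun/2025:08:02:05 +0000] "GET https://example.com/index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for key, v in sorted(triage(SAMPLE_LOG).items()):
        print(key, v)
```

The polling threshold is the knob to tune against your own baseline: legitimate bots that only push notifications never call getUpdates from an endpoint, so any workstation polling it repeatedly is worth an alert even before a file upload appears. The `<opaque-tls>` bucket is the reminder that, without TLS inspection or endpoint-side URL logging, the only signal left is the destination host, and Telegram traffic alone is rarely blockable on its own.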
The Black Basta ransomware group’s social engineering attacks sharply declined after December 2024, with evidence indicating that BlackSuit affiliates have adopted or absorbed their tactics. Rapid7’s analysis reveals sophisticated Java RAT and QEMU-based malware deployments, leveraging cloud services for command and control, and highlights ongoing evolution in attacker methods. #BlackBasta #BlackSuit #JavaRAT

Cybersecurity researchers have uncovered Myth Stealer, a Rust-based info stealer distributed via fake gaming websites and a MaaS platform, capable of stealing browser data and evading detection. This malware highlights the ongoing use of game cheat lures to spread malicious tools and exploit user trust. #MythStealer #RustMalware…

A hacker group called Rare Werewolf has been covertly mining cryptocurrency across Russia and neighboring countries by infecting computers with the XMRig miner. The campaign, active since at least 2019, gains its footholds through phishing and relies on stealthy, scheduled shutdown routines so that mining runs for as long as possible without drawing the user's attention. #RareWerewolf #XMRig…
FIN6, also known as Skeleton Spider, uses social engineering on professional job platforms to distribute the more_eggs backdoor from cloud-hosted malicious infrastructure. Its campaigns combine fake resumes, CAPTCHA gating, and environment checks that keep the payload away from analysts and sandboxes, then follow up with ransomware and credential-stealing malware. #FIN6 #Moreeggs #Skeleton_Spider

Rare Werewolf, an APT group, has targeted Russia and CIS countries using legitimate software and phishing tactics to deploy cryptojackers and facilitate remote access. The group’s activities include using PowerShell scripts, remote desktop tools, and decoy documents, complicating detection efforts. #RareWerewolf #APT #Cryptojacking…

SentinelLABS detected and thwarted reconnaissance and intrusion operations linked to the PurpleHaze and ShadowPad activity clusters, attributed with high confidence to China-nexus threat actors targeting SentinelOne and related organizations. Despite multiple sophisticated attacks between 2024 and 2025, SentinelOne’s infrastructure remained uncompromised, underscoring persistent threats to cybersecurity vendors and global industries. #PurpleHaze #ShadowPad #GOREshell #APT15 #UNC5174

SentinelOne reports on a series of cyber intrusions linked to China-nexus threat actors, targeting organizations across the globe from July 2024 to March 2025. These activities involve reconnaissance, lateral movement, and exploitation, primarily by the PurpleHaze group and related clusters, with implications for government, media, and IT sectors. #PurpleHaze #UNC5174…

SentinelOne reports a sophisticated supply chain attack by Chinese state-sponsored hackers targeting critical infrastructure and large enterprises worldwide. The campaign involved exploitation of network vulnerabilities and malware such as ShadowPad and GOREshell, highlighting persistent cyber espionage efforts. #APT15 #APT41 #ShadowPad #GOREshell

This cybersecurity update highlights recent critical vulnerabilities, advanced malware campaigns, and nation-state hacking activities, emphasizing the importance of proactive defense. Key incidents include Google Chrome fixing an exploited 0-day, PathWiper targeting Ukraine, and sophisticated zero-click attacks on iPhones. #ChromeZeroDay #PathWiper #SaltTyphoon…

Cybersecurity researchers warn about a new ClickFix campaign that uses social engineering to get macOS users to install Atomic macOS Stealer (AMOS). The attack relies on sites impersonating Spectrum and on malicious shell scripts that trick users into revealing their passwords, leading to data theft and lateral movement. #ClickFix #AtomicStealer…

A new malware called ‘PathWiper’ is targeting critical infrastructure in Ukraine, aiming to destroy systems rather than extort. It is attributed to Russia-linked APT groups and shows evolution from previous wiper malware like HermeticWiper. #PathWiper #HermeticWiper #Sandworm #Ukraine #APT

Kettering Health experienced a significant cyberattack in May when the Interlock ransomware group stole sensitive data and caused system outages. The healthcare provider has since secured its systems and restored critical services, but the breach exposed substantial patient and organizational information. #InterlockRansomware #KetteringHealth

A sophisticated cyber campaign named Operation DRAGONCLONE targeted China Mobile Tietong using VELETRIX and VShell malware, employing DLL sideloading, anti-sandbox, and IPfuscation techniques. The activity is linked to China-aligned threat groups UNC5174 and Earth Lamia, with overlaps to multiple post-exploitation tools and infrastructure. #OperationDRAGONCLONE #VELETRIX #VShell #ChinaMobileTietong #UNC5174 #EarthLamia