Tag: cybercrime
-
N.C. Pathology Practice Notifying 236,000 of Data Theft Hack
Did Marlboro-Chesterfield Pathology Pay Cybercrime Gang Safepay a Ransom? A North Carolina pathology practice is notifying nearly 236,000 patients of a hacking incident discovered in January. Marlboro-Chesterfield Pathology says it took steps to ensure the hackers deleted its stolen data. Newcomer ransomware group Safepay is apparently the culprit in the attack. First seen on govinfosecurity.com…
-
U.S. Authorities Seize DanaBot Malware Operation, Indict 16
U.S. authorities seized the infrastructure of the DanaBot malware and charged 16 people in an action that is part of the larger Operation Endgame, a multinational initiative launched last year to disrupt and take apart global cybercriminal operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/u-s-authorities-seize-danabot-malware-operation-indict-16/
-
Russian-led cybercrime network dismantled in global operation
Arrest warrants issued for ringleaders after investigation by police in Europe and North America. European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police. International arrest warrants have been issued for 20 suspects,…
-
GenAI Assistant DIANNA Uncovers New Obfuscated Malware
Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This malware, reportedly crafted with the assistance of large language models (LLMs) such as ChatGPT and DeepSeek, underscores a chilling trend in cybercrime: the rise of AI-generated threats. Unlike traditional hand-coded malware, this strain is engineered with unprecedented speed, complexity, and…
-
M&S contractor ‘investigating whether it was gateway for cyber-attack’
Tata Consulting Services said to be holding internal inquiry into whether its staff or systems were used to gain access. An Indian company that operates Marks & Spencer’s IT helpdesk is reportedly investigating whether it was used by cybercriminals to gain access to systems at the retailer, which is battling a…
-
Researchers Uncover Infrastructure and TTPs Behind ALCATRAZ Malware
Elastic Security Labs has recently exposed a sophisticated new malware family dubbed DOUBLELOADER, observed in conjunction with the RHADAMANTHYS infostealer. This discovery sheds light on the evolving tactics, techniques, and procedures (TTPs) of cybercriminals who leverage advanced obfuscation tools to hinder analysis. Notably, DOUBLELOADER is protected by ALCATRAZ, an open-source obfuscator first released in 2023,…
-
TikTok videos now push infostealer malware in ClickFix attacks
Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tiktok-videos-now-push-infostealer-malware-in-clickfix-attacks/
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windows
Introduction. On May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
3AM ransomware attack poses as a call from IT support to compromise networks
Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers. First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/3am-ransomware-attackers-pose-it-support-compromise-networks
-
Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation
The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, alleging he led the development and deployment of the notorious Qakbot malware. This action, announced on May 22, 2025, marks a significant milestone in a years-long multinational effort to disrupt cybercriminal networks that have inflicted hundreds of…
-
DragonForce Engages in Turf War for Ransomware Dominance
Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dragonforce-turf-war-ransomware/
-
BKA strikes a blow against cybercriminals
As part of “Operation Endgame”, the currently most influential malware variants have been taken offline. Security authorities have struck a blow against worldwide cybercrime. Over the course of this week, thanks to “Operation Endgame”, the currently most influential malware variants were taken offline and the perpetrators behind them identified, the Federal Criminal Police Office (BKA) announced. Of the 37 actors identified in total,…
-
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than…
-
Digital trust is cracking under the pressure of deepfakes, cybercrime
69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/ai-powered-fraud-threat/
-
US Takes Down DanaBot Malware, Indicts Developers
DanaBot Used to Steal and to Spy. A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware’s infrastructure. First seen on govinfosecurity.com Jump…
-
DOJ charges man allegedly behind Qakbot malware
The alleged leader of the cybercriminal gang behind the Qakbot malware, which was used by many high-profile ransomware gangs, has been indicted by the U.S. Justice Department. First seen on therecord.media Jump to article: therecord.media/doj-charges-man-allegedly-behind-qakbot-malware
-
Blurring Lines Between Scattered Spider & Russian Cybercrime
The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider’s ties to the Russian cybercrime underground. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/blurring-lines-scattered-spider-russian-cybercrime
-
Ghosted by a cybercriminal
Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ghosted-by-a-cybercriminal/
-
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/
-
Authorities carry out global takedown of infostealer used by cybercriminals
Authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/authorities-carry-out-global-takedown-of-infostealer-used-by-cybercriminals/
-
Cybercriminals Using Trusted Google Domains to Spread Malicious Code
A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps without the knowledge of site owners or advertisers. Cybercriminals are exploiting integrations with Google APIs, specifically through JSONP (JSON with Padding) calls, to inject malicious scripts into legitimate online stores. These scripts operate covertly, redirecting unsuspecting shoppers to fraudulent payment pages…
-
Cybercrime group Dragonforce targets competitors in the fight for ransomware dominance
Since February 2024, when the international law enforcement operation “Cronos” shut down the Lockbit leak site, the criminal ransomware ecosystem has been severely disrupted. As a result, not only have new business models emerged, but a turf war is also under way as the groups compete for the greatest market power and, ultimately, the highest profit from ransomware operations. One group, according to investigations by the…
-
Feds and Microsoft crush Lumma Stealer that stole millions of passwords
Tags: access, breach, control, cyber, cybercrime, cybersecurity, infrastructure, malware, microsoft, password, russia, service, software, threat, tool
2,300 domains neutralized, command infrastructure seized: As part of the legal action filed in the US District Court for the Northern District of Georgia, Microsoft secured authorization to seize and disrupt a core component of Lumma’s ecosystem: its domain infrastructure. These domains acted as communication nodes between infected devices and the malware’s operators. According to the…
-
Cybercrime & Cryptocurrencies Part 2 – How regulation, authorities and forensics fight crypto crime
First seen on security-insider.de Jump to article: www.security-insider.de/cyberkriminalitaet-krypto-boersen-regulierung-forensik-praevention-a-f8d1a0c6cac246029d6ced9f1a19683f/
-
Microsoft Dismantles Lumma Stealer Network, Seizes 2,000+ Domains
Microsoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners. First seen on hackread.com Jump to article: hackread.com/microsoft-dismantle-lumma-stealer-domain-seized/
-
Lumma infostealer infected about 10 million systems before global disruption
Cybercriminals used the prolific malware to target individuals and businesses, including Fortune 500 companies, according to the FBI. First seen on cyberscoop.com Jump to article: cyberscoop.com/lumma-infostealer-widespread-victims/
-
Police Operation and Microsoft Take Down Lumma Infostealer
User Panels and Command and Control Domains Seized. Law enforcement and Microsoft struck a blow against malware used to steal login credentials and financial data, seizing the central command structure and thousands of online domains used to control the Lumma Stealer. Lumma first appeared on Russian-language speaking cybercriminal forums in 2022. First seen on govinfosecurity.com…
-
Lumma infostealer’s infrastructure seized during US, EU, Microsoft operation
A sting involving law enforcement and private sector companies disrupted the Lumma infostealer, malware sold around the globe to cybercriminals and credited for millions of infections. First seen on therecord.media Jump to article: therecord.media/lumma-infostealer-malware-takedown-microsoft-fbi