Tag: cybercrime

Deciphering Black Basta’s Infrastructure from the Chat Leak

Mar 6, 2025 8:53 PM

Tags: cybercrime, cybersecurity, infrastructure, leak, ransomware

By Oleg Lypko, with Estelle Ruellan and Tammy Harper (Flare Research) This article has originally appeared on Cybercrime Diaries On February 20, 2025, the cybersecurity community received an unexpected stroke of luck as internal strife seemingly spread within the infamous Black Basta ransomware group. On that day, an unknown individual using the alias ExploitWhispers released……
Cybercriminals Exploit Compromised Email Servers for Fraudulent Campaigns

Mar 6, 2025 7:54 PM

Tags: attack, business, cyber, cybercrime, edr, email, exploit, fraud

Trend Micro’s Managed XDR team has recently investigated a sophisticated Business Email Compromise (BEC) attack that targeted multiple business partners. The incident, which occurred over several days, involved the exploitation of a compromised email server to orchestrate a complex fraud scheme. Intricate Web of Deception The attack involved three business partners (Partner A, Partner B,…
PrintSteal Cybercrime Group Mass-Producing Fake Aadhaar PAN Cards

Mar 6, 2025 7:54 PM

Tags: cyber, cybercrime, data-breach, group, india, network

A large-scale cybercrime operation dubbed >>PrintSteal
Cybercrime ‘crew’ stole $635,000 in Taylor Swift concert tickets

Mar 6, 2025 7:54 PM

Tags: cybercrime, marketplace

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercrime-crew-stole-635-000-in-taylor-swift-concert-tickets/
Detecting Malicious Activities With Traffic Distribution Systems

Mar 6, 2025 7:54 PM

Tags: attack, cyber, cybercrime, exploit, infrastructure, malicious, malware, network, phishing, service, tool

Traffic Distribution Systems (TDS) have emerged as critical tools for both legitimate and malicious purposes, serving as sophisticated redirection networks that manage traffic flow across multiple endpoints. While businesses use TDS to optimize marketing campaigns and improve service reliability, cybercriminals exploit this infrastructure to orchestrate phishing attacks, malvertising campaigns, and illicit services. These systems obfuscate…
Hackers Deploy Advanced Social Engineering Tactics in Phishing Attacks

Mar 6, 2025 7:54 PM

Tags: apt, attack, cyber, cybercrime, hacker, malicious, phishing, social-engineering, strategy, tactics, threat

Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets. Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content. This shift in strategy makes it increasingly challenging for employees to identify and avoid phishing…
Two arrested for stealing Taylor Swift Eras Tour tickets and selling for a $600,000 profit in cybercrime scheme

Mar 6, 2025 5:53 PM

Tags: access, cybercrime

Two people were arrested in New York City after allegedly using backend access to StubHub’s system to steal the URLs for 900 concert tickets, most of which were for Taylor Swift’s popular Eras Tour. First seen on therecord.media Jump to article: therecord.media/two-arrested-for-stealing-taylor-swift-tickets-cybertheft
Cybercriminals picked up the pace on attacks last year

Mar 5, 2025 7:34 PM

Tags: access, attack, cybercrime, group, intelligence, ransomware, threat

Ransomware groups last year achieved lateral movement within an average of 48 minutes after gaining initial access to targeted environments, threat intelligence experts said. First seen on cyberscoop.com Jump to article: cyberscoop.com/cybercriminals-record-speed-attacks-2024/
Black Basta Pivots to Cactus Ransomware Group

Mar 5, 2025 4:34 PM

Tags: attack, cybercrime, group, malware, ransomware

The future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/black-basta-pivots-cactus-ransomware-group
Cybercriminals Impersonate Electronic Frontier Foundation to Target Gaming Community

Mar 5, 2025 1:34 PM

Tags: cyber, cybercrime, exploit, phishing, tactics

A sophisticated phishing campaign targeting the Albion Online gaming community has been uncovered, revealing a complex operation involving impersonation of the Electronic Frontier Foundation (EFF) and deployment of advanced malware. The campaign, discovered on March 4, 2025, showcases the evolving tactics of cybercriminals in exploiting trust in reputable organizations and leveraging the immersive nature of…
The dirty dozen: 12 worst ransomware groups active today

Mar 5, 2025 10:34 AM

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
Polyglot files used to spread new backdoor

Mar 5, 2025 5:34 AM

Tags: access, attack, awareness, backdoor, business, ceo, cio, ciso, computer, control, corporate, cybercrime, data, detection, email, endpoint, espionage, exploit, india, infection, infrastructure, malicious, malware, social-engineering, technology, threat, training

the attackers first compromised the email account of an Indian electronics company, then used that access to send email messages with malicious links;the link led to a ZIP file that includes polyglot files to obfuscate payload content.According to Proofpoint, the use by threat actors of polyglot files, which are files that can be interpreted by…
How Hackers Using AI Tools Threaten the Health Sector

Mar 5, 2025 12:34 AM

Tags: ai, attack, cybercrime, exploit, hacker, tool, vulnerability

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center president Denise Anderson. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/how-hackers-using-ai-tools-threaten-health-sector-i-5459
Cybersecurity Risks in 2025

Mar 4, 2025 8:34 PM

Tags: cyber, cybercrime, cybersecurity, risk, threat

Cyber threats in 2025 will constantly evolve, with cybercriminals using both new and old vulnerabilities. Here are the risks expected in 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/cybersecurity-risks-in-2025/
Cybercrime-Umfrage: Laut Bitkom 6 von 10 Internetnutzern betroffen

Mar 4, 2025 7:34 PM

Tags: cybercrime

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cybercrime-umfrage-bitkom-61-prozent-internetnutzer-betroffenheit
LLMjacking Hackers Abuse GenAI With AWS NHIs to Hijack Cloud LLMs

Mar 4, 2025 6:34 PM

Tags: access, ai, api, attack, cloud, cyber, cybercrime, exploit, hacker, LLM, service

In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in a new attack vector dubbed >>LLMjacking.
GrassCall Malware Targets Job Seekers to Steal Login Credentials

Mar 4, 2025 5:34 PM

Tags: credentials, crypto, cyber, cyberattack, cybercrime, group, jobs, linkedin, login, malicious, malware, russia, software

A newly identified cyberattack campaign, dubbed GrassCall, is targeting job seekers in the cryptocurrency and Web3 sectors through fake job interviews. Attributed to the Russian-speaking cybercriminal group >>Crazy Evil,
Hackers Exploit Microsoft Teams Quick Assist for Remote Access

Mar 4, 2025 5:34 PM

Tags: access, attack, corporate, cyber, cybercrime, cybersecurity, defense, exploit, group, hacker, microsoft, ransomware, threat, tool, unauthorized

Cybersecurity researchers have uncovered a sophisticated campaign in which threat actors are exploiting Microsoft Teams and Quick Assist to gain unauthorized remote access to enterprise systems. The attacks, attributed to ransomware groups such as Black Basta and Cactus, demonstrate the growing trend of cybercriminals abusing legitimate tools to bypass security defenses and infiltrate corporate networks.…
Qilin Cybercrime Ring Claims Credit for Lee Newspaper Breach

Mar 3, 2025 10:34 PM

Tags: breach, cybercrime, group, leak, ransom, ransomware, service

The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn’t seek a ransom payment from its victim. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/qilin-cyber-gang-credit-lee-newspaper-breach
Ransomware Evolution: From Encryption to Extortion

Mar 3, 2025 10:34 PM

Tags: ai, attack, cybercrime, data, encryption, extortion, intelligence, ransomware, threat

Cybercriminals Use Artificial Intelligence and Physical Threats to Maximize Impact One-dimensional data encryption threats have morphed into more dangerous, multi-layered ransomware attacks that are expanding in scope and impact, creating an urgent need for organizations to fortify their defenses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/ransomware-evolution-from-encryption-to-extortion-p-3816
Fake IT Support Calls Trick Microsoft Teams Users into Installing Ransomware

Mar 3, 2025 9:34 PM

Tags: cybercrime, email, microsoft, ransomware

Cybercriminals pose as IT support, using fake calls and Microsoft Teams messages to trick users into installing ransomware through email floods and remote access. First seen on hackread.com Jump to article: hackread.com/fake-it-support-calls-microsoft-teams-users-install-ransomware/
CrowdStrike 2025 Global Threat Report: 51-Second Breaches Shake Cybercrime

Mar 3, 2025 7:34 PM

Tags: breach, china, crowdstrike, cyberattack, cybercrime, malware, threat

CrowdStrike’s 2025 Global Threat Report reveals cyberattacks breaking out in just 51 seconds, with a 150% surge in China-linked activity and 79% malware-free detections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/crowdstrike-2025-threat-report-insights/
âš¡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

Mar 3, 2025 2:34 PM

Tags: ai, android, breach, crypto, cybercrime, exploit, microsoft, tool, zero-day

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that…
UK Cybersecurity Weekly Update 2 March 2025

Mar 3, 2025 1:34 PM

Tags: access, ai, apple, attack, backup, breach, china, cyber, cyberattack, cybercrime, cybersecurity, data, election, encryption, google, governance, government, group, healthcare, infrastructure, intelligence, monitoring, office, privacy, ransomware, regulation, russia, service, threat, unauthorized, update, vulnerability

UK Government’s Encryption Demands Lead to Apple’s Data Protection Withdrawal The UK government has mandated that Apple provide access to encrypted iCloud backups under the Investigatory Powers Act of 2016. In response, Apple has withdrawn its “Advanced Data Protection” feature for UK users, citing concerns over user privacy and security. This move has sparked a…
Ransomware access playbook: What Black Basta’s leaked logs reveal

Mar 3, 2025 10:34 AM

Tags: access, breach, credentials, cybercrime, dark-web, data, data-breach, extortion, group, login, malware, password, ransomware, service, software, theft, threat, tool

From infostealer to ransomware: Infostealers are malware programs designed to scrape login information stored inside browser password stores and other applications. These threats are increasingly being offered as a service on cybercriminal forums, and according to a recent study, their prevalence has increased three-fold over the past year. The information stolen by such tools, known…
Why cyber attackers are targeting your solar energy systems, and how to stop them

Mar 3, 2025 8:33 AM

Tags: access, attack, authentication, automation, awareness, backup, best-practice, china, communications, control, credentials, cyber, cybercrime, cybersecurity, data, detection, exploit, firmware, framework, group, infrastructure, iot, mfa, monitoring, network, password, penetration-testing, regulation, risk, russia, service, software, technology, threat, update, vulnerability

Smart inverter vulnerabilities threaten the electric grid: The biggest risk occurs during high-demand times. If enough solar DERs suddenly go offline during a critical period, there might not be adequate alternative energy sources that can come online immediately, or the available alternatives are much more expensive to operate. Attackers can produce similar results merely by…
US Military Personnel Arrested for Hacking 15 Telecom Providers

Mar 3, 2025 7:33 AM

Tags: cyber, cybercrime, hacking, military

Federal prosecutors have filed a detention memorandum urging the court to indefinitely detain Cameron John Wagenius, a 21-year-old active-duty U.S. Army soldier stationed at Fort Cavazos, Texas, following his alleged involvement in a multi-state cybercrime campaign targeting at least 15 telecommunications providers. The charges, unsealed ahead of a March 3 detention hearing, reveal a sprawling…
The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe

Mar 2, 2025 10:33 PM

Tags: cybercrime, exploit, malicious, phishing, qr, scam

QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself. First seen on hackread.com Jump to article: hackread.com/rise-of-qr-phishing-how-scammers-exploit-qr-codes/
Security Affairs newsletter Round 513 by Pierluigi Paganini INTERNATIONAL EDITION

Mar 2, 2025 12:33 PM

Tags: cybercrime, email, exploit, international, microsoft, ransomware, WeeklyReview, zero-day

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day Microsoft disrupted a global cybercrime ring abusing Azure…
Was ist ein Initial Access Broker?

Mar 2, 2025 10:34 AM

Tags: access, cybercrime

In der Cybercrime-Szene hat sich in den letzten Jahren eine Spezialisierung herausgebildet, die für Unternehmen und Organisationen weltweit eine ernsthafte Bedrohung darstellt: der Initial Access Broker (IAB). First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/initial-access-broker-definition