Tag: extortion
-
Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic’s Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/
-
Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations
Cybercriminals have started “vibe hacking”…
-
Anthropic AI Used to Automate Data Extortion Campaign
The company said the threat actor abused its Claude Code service to an unprecedented degree, automating reconnaissance, intrusions, and credential harvesting. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/anthropic-ai-automate-data-extortion-campaign
-
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, First seen on thehackernews.com…
-
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. “The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. First seen on…
-
Attackers steal data from Salesforce instances via compromised AI live chat tool
What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
-
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/
-
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses from the command-and-control (C2) server. Activated by the “ransome…
-
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,” Zimperium zLabs researcher Vishnu Pratapagiri First…
-
Zscaler ThreatLabz 2025 Ransomware Report – Data Theft and Extortion on the Rise
First seen on security-insider.de Jump to article: www.security-insider.de/cyberkriminalitaet-verschiebung-zu-datendiebstahl-und-erpressung-a-467511bb89ff761c86ad26a95e70d627/
-
Disgruntled developer gets four-year sentence for revenge attack on employer’s network
Lone wolves: It’s the attack every enterprise fears even more than hackers or a data breach: an insider with skills and knowledge who decides to go rogue. While such attacks remain exceptions, the ones that come to public attention in court cases always make for stressful reading. The challenge is that developers and admins must have…
-
Enterprise passwords becoming even easier to steal and abuse
Tags: access, attack, authentication, breach, ceo, ciso, compliance, control, credentials, cyber, cybersecurity, data, detection, encryption, exploit, extortion, group, identity, leak, mfa, monitoring, passkey, password, phishing, ransomware, risk, strategy, threat, tool, zero-trust
Growing threat from stolen credentials: Attackers actively target user credentials because they offer the most direct route or foothold into a targeted organization’s network. Once inside, attackers can move laterally across systems, searching for other user accounts to compromise, or they attempt to escalate their privileges and gain administrative control. This hunt for credentials extends beyond…
-
Increasing Complexity of Ransomware Attacks: Extortion Continues to Evolve
A study sheds light on attackers’ methods and the consequences for companies. According to Akamai’s new SOTI (State of the Internet) report, the most common practice is double extortion. Akamai has found that threat actors are now also using a new tactic, quadruple extortion [1]. As the »Ransomware-Bericht 2025: Der Aufbau von Resilienz in einer unbeständigen Bedrohungslandschaft«… First seen…
-
Cyberattack on Colt: Support Systems Offline After Ransom Threat
Tags: access, api, china, cve, cyberattack, exploit, extortion, hacker, infrastructure, mail, microsoft, ransomware, rce, remote-code-execution, service, technology, update, vulnerability
The telecoms group Colt has been dealing with the aftermath of a ransomware attack for a week. Colt Technology Services, a British telecommunications company that interconnects 900 data centres across Europe, Asia and North America, fell victim to a cyberattack on 12 August 2025. The incident was initially described as a “technical problem”. The company has since confirmed the attack and its internal support systems, including…
-
Singapore issues critical alert on Dire Wolf ransomware targeting global tech and manufacturing firms
Tags: attack, authentication, backup, business, compliance, control, credentials, cyber, data, defense, email, endpoint, extortion, insurance, intelligence, leak, malicious, mfa, msp, network, phishing, ransom, ransomware, resilience, risk, supply-chain, threat, update
Ripple effects on global enterprises: The global business fallout of Dire Wolf ransomware attacks is significant and poses a multi-layered, high-impact threat to global enterprises. “Its attacks directly disrupt operations and supply chains, particularly in manufacturing and tech, leading to production delays, revenue loss, and downstream customer impact,” said Manish Rawat, analyst at TechInsights. “Financial impact…
-
Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure
Tags: control, cyber, extortion, group, infrastructure, international, law, ransomware, tactics, threat
The U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit ransomware group, formerly known as Royal. Authorities dismantled four command-and-control (C2) servers and nine domains utilized by the threat actors for deploying ransomware payloads, extorting victims through double-extortion tactics, and…
-
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Tags: attack, credentials, cybercrime, data, extortion, finance, group, service, tactics, technology, theft
An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. “This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group’s previous credential theft and database…
-
Home Office Phishing Scam Targets UK Immigration Sponsors
The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/home-office-phishing-uk/
-
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang
The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang’s servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/us-reveals-it-seized-1-million-worth-of-bitcoin-from-russian-blacksuit-ransomware-gang
-
Scattered Spider’s New Telegram Channel Names Targeted Organizations
A new Telegram channel that combined the names of well-known threat actor organizations Shiny Hunters, Scattered Spider, and Lapsus$ emerged on Friday afternoon in a daring uptick in cyberthreat activity. This platform, potentially short-lived due to Telegram’s moderation policies, has rapidly disseminated evidence of multiple data breaches, partial data leaks, and extortion demands within its…
-
9 things CISOs need to know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-day
New groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases. However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Google confirms Salesforce CRM breach, faces extortion threat
Google disclosed a Salesforce Customer Relationship Management (CRM) breach exposing data of some prospective Google Ads customers. Google confirmed a breach in a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the tech giant. Google Threat Intelligence Group confirmed that…
-
Still Dangerous After All These Years
Ransomware isn’t dying, it’s evolving, swapping encryption for aggressive extortion as attacks and data theft hit record highs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/ransomware-still-dangerous-after-all-these-years/
-
Unauthorised Access at a Global IT Company
The Cost of a Call: From Voice Phishing to Data Extortion First seen on cloud.google.com Jump to article: cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
-
US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms
Two weeks ago, the ransomware gang’s darknet extortion sites were seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom. First seen on therecord.media Jump to article: therecord.media/us-confirms-blacksuit-takedown
-
Airlines KLM and Air France Detail Customer Data Breach
ShinyHunters May Have Struck Again. Airlines Air France and KLM said they suffered a data breach involving a third-party service storing customer data. The alert comes as the ShinyHunters extortion group continues to target Salesforce-using organizations and trick them into sharing direct access to their customer data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/airlines-klm-air-france-detail-customer-data-breach-a-29143