Tag: group
-
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic.The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed First…
-
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it
Tags: attack, authentication, computer, credentials, crypto, cve, data, data-breach, email, encryption, group, Hardware, international, mandiant, microsoft, network, ntlm, phishing, risk, service, supply-chain, theft, threat, vulnerability, windowspass-the-hash. The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third party services or expensive hardware to brute-force the keys.None of this makes NTLMv1 less secure or easier to target than it already…
-
Ransomware ‘Most Wanted’: Cops Seek Head of Black Basta
Crackdown Targets Multiple Members of Cybercrime Group, Including ‘Hash Crackers’. Police raided two suspected members of the notorious Black Basta ransomware group – tied to over 600 victims worldwide and many millions in ransom payments – in Ukraine and issued an international arrest warrant for the Russian national suspected of being the operation’s founder and…
-
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-govt-warns-about-ongoing-russian-hacktivist-group-attacks/
-
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Genians Security Center has published an in-depth analysis of Operation Poseidon, a sophisticated APT campaign attributed to the Konni threat group that exploits legitimate advertising infrastructure to distribute EndRAT malware. This advanced spear-phishing operation demonstrates how threat actors leverage trusted platforms to circumvent traditional security defenses while targeting South Korean financial institutions and human rights…
-
Unmasked by Leaks: The Hidden Backbone of a Ransomware Operation
The leaks tied to the BlackBasta ransomware group and Russian hosting company Media Land pulled back the curtain on something defenders rarely get to see: the internal machinery and people behind a major ransomware operation. In February 2025, an unknown individual using the handle ExploitWhispers appeared on Telegram and published a massive archive of BlackBasta’s internal chats…
-
Law enforcement tracks ransomware group blamed for massive financial losses
Law enforcement agencies in Ukraine and Germany have identified two members of a Russian-affiliated ransomware group and carried out searches in western Ukraine. Search … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/19/international-ransomware-group-investigation-ukraine/
-
Suspects Linked to Black Basta Ransomware Group Raided in Ukraine
Oleg Evgenievich Nefedov, allegedly one of the founders of Black Basta, was also placed on Europol’s and Interpol’s Most Wanted lists First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/suspects-black-basta-ransomware/
-
From arts degree to cybersecurity: Rona Michele Spiegel brings fresh perspective to cyber leadership
Tags: ai, awareness, business, cisco, ciso, cloud, compliance, computer, cyber, cybersecurity, data, governance, group, hacking, Hardware, intelligence, jobs, network, office, penetration-testing, privacy, psychology, risk, risk-management, skills, software, startup, strategy, supply-chain, technology, tool, vulnerabilityRona Michele Spiegel’s journey to cybersecurity might seem unconventional to some: She studied the arts. But as someone who grew up when computers first appeared and everyone wanted to experiment with them, she did a lot of multimedia work. She was always interested in technology and discussed with art colleagues about where the world was…
-
EU and INTERPOL Hunt Black Basta Ransomware Kingpin, Suspects Identified in Ukraine
European and international law enforcement agencies have intensified their pursuit of individuals connected to the Black Basta ransomware operation. Authorities confirmed that the alleged leader of the Russia-linked ransomware-as-a-service (RaaS) group has been placed on both the European Union’s Most Wanted list and INTERPOL’s Red Notice, while Ukrainian and German investigators have identified two additional…
-
Threat Actors Abuse Browser Extensions to Deliver Fake Warning Messages
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating the legitimate uBlock Origin Lite extension. The campaign weaponizes fake browser crash warnings to trick users into executing malicious PowerShell commands, ultimately delivering ModeloRAT, a previously undocumented Python-based remote access…
-
GootLoader uses malformed ZIP files to bypass security controls
GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-a-as-a-service model, it is used by different groups to…
-
GootLoader uses malformed ZIP files to bypass security controls
GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-a-as-a-service model, it is used by different groups to…
-
UkraineGermany operation targets Black Basta, Russian leader wanted
Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader. >>The Office of…
-
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Ðефедов Олег Евгеньевич), has been added to the European Union’s Most Wanted and INTERPOL’s Red Notice lists, authorities First seen on…
-
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Ðефедов Олег Евгеньевич), has been added to the European Union’s Most Wanted and INTERPOL’s Red Notice lists, authorities First seen on…
-
China-linked APT UAT-8837 targets North American critical infrastructure
Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. >>Cisco Talos is closely tracking…
-
Ransomware activity never dies, it multiplies
Ransomware attacks kept climbing through 2025, even as major criminal groups collapsed and reformed. A new study conducted by the Symantec and Carbon Black Threat Hunter Team … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/16/ransomware-attacks-extortion-trends/
-
A ransomware attack disrupted operations at South Korean conglomerate Kyowon
South Korean conglomerate Kyowon confirmed a ransomware attack that disrupted operations and may have exposed customer data. Kyowon Group is a major South Korean conglomerate with diverse business interests spanning education, publishing, media, and technology. It operates nationwide, serving millions of customers through its various subsidiaries and brands. The company is a significant player in…
-
Ransomware by the Numbers: Count of Victims and Groups Surge
Despite Some Well-Known Groups Disappearing, Ransomware Competition Remains Fierce. Here’s unwelcome ransomware news: Groups’ victim listings and underground chatter suggest that the count of victims and number of criminal groups behind such attacks have both risen over the past 12 months, despite repeat disruptions by law enforcement, fierce competition and fewer victims paying. First seen…
-
Most Inspiring Women in Cyber 2026: Meet The Judges
Next month, the annual Most Inspiring Women in Cyber Awards will take place at The BT Tower, London, celebrating some of the industry’s most inspirational and oftentimes unsung women. Sponsored by Fidelity International, BT, Plexal and Bridewell, and proudly supported by industry-leading diversity groups WiTCH, WiCyS UK&I and Seidea, the 2026 event is The post…
-
Predator-Spyware gefährlicher als gedacht
Bereits Ende 2024 veröffentlichte die Google Threat Intelligence Group erste Ergebnisse zu der Spyware Predator, die der Intellexa Alliance zugerechnet wird. Aufbauend auf diesen Erkenntnissen hat das Threat Labs Team von Jamf eigene Analysen durchgeführt First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/predator-spyware
-
Ransomware gangs extort victims by citing compliance violations
Tags: ai, attack, breach, compliance, data, data-breach, extortion, group, ransomware, regulation, threat, toolAI amplifies attacks: Hild points to another problem: “AI-powered tools dramatically accelerate these attacks. Criminals can now screen stolen documents for ‘material’ compliance violations within hours of a data breach, faster and more accurately than many companies can audit their own systems.”The SailPoint specialist explains: “They create detailed, legally sound complaints for authorities and set…
-
South Korean giant Kyowon confirms data theft in ransomware attack
The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/south-korean-giant-kyowon-confirms-data-theft-in-ransomware-attack/
-
CERT-UA reports PLUGGYAPE cyberattacks on defense forces
CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the attack with medium confidence to the Russian-linked group Void Blizzard (aka Laundry Bear, UAC-0190), active…
-
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, toolFor government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
-
DeadLock Ransomware Group Utilizes Polygon Smart Contracts
Stealthy Group Taps Blockchain ‘EtherHiding’ to Facilitate Victim Communications. The DeadLock ransomware group, a newly emerged digital extortion group, is using blockchain smart contracts to store proxy server addresses for facilitating ransomware negotiations with victim organizations. The technique suggests the group is made up of experienced cybercriminals. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/deadlock-ransomware-group-utilizes-polygon-smart-contracts-a-30518
-
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025.The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed…