Incidents involving malware or ransomware. In some cases, incidents called “ransomware” do not involve any locking but merely hack, exfiltrate, and attempt to extort.
Bleeping Computer reports that an unnamed 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021 has been arrested by Moldovan police. Police officers searched the suspect’s home and car on May 6, seizing an electronic wallet, €84,800, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices. […]
The Times of India reports: Google’s Threat Intelligence Group (GTIG) has issued a warning about a Russia-based hacking group, known as COLDRIVER. The Alphabet-owned company claims that this hacking group is using a newly identified malware called LOSTKEYS to steal data. The tech giant claims that this malware, which was tracked in multiple attacks this […]
Ars Technica reports on another concerning security issue involving DOGE: Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years. Kyle Schutt […]
May 1, 2025. A press release from the U.S. Attorney’s Office for the Central District of California: LOS ANGELES – A Yemeni national was charged today in a three-count federal grand jury indictment alleging he deployed the so-called “Black Kingdom” ransomware against computer servers owned organizations worldwide, including businesses, schools, and hospitals in the United States, […]
Someone’s hitting big UK retail firms. First it was M&S, then Co-Op, and now it’s Harrod’s. BBC reports: The luxury department store Harrods says it is the latest retailer to have been targeted by a cyber attack. The firm said it had “restricted internet access at our sites” following an attempt to gain access to […]
Bleeping Computer reports: Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. Marks & Spencer (M&S) is a British multinational retailer that employs 64,000 employees and sells various products, including clothing, food, […]
TOI Tech Desk reports: A Russian-linked hacking group is reportedly exploiting two newly discovered zero-day vulnerabilities. Security researchers have warned that the Russian cybercrime group known as RomCom has been misusing these security flaws to target Firefox and Windows users in Europe and North America. These “zero-click” exploits, identified by security firm ESET, allowed hackers […]
Bleeping Computer reports: The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort. […]
Forbes reports: The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims. Although there is no doubt that ransomware threats should be taken very seriously, […]
Defending Against UNC3944/Scattered Spider: Cybercrime Hardening Guidance from the Frontlines – Mandiant
Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ransomware and data theft extortion in early 2023, they impacted […]