Incidents involving malware or ransomware. In some cases, incidents called “ransomware” do not involve any locking but merely hack, exfiltrate, and attempt to extort.
Seen at The Stack: Europol, the DoJ and other law enforcement agencies “neutralized” a swathe of malware strains this week, which they said was a “direct blow to the ransomware kill chain.” The actions were part of the ongoing Operation Endgame which targeted a series of botnets just over a year ago. But it’s worth […]
BleepingComputer reports: A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. This tactic was previously linked to the Black Basta ransomware gang and later observed in FIN7 attacks, but its effectiveness has driven a wider […]
The Register reports: Scotland’s West Lothian Council has confirmed that data was stolen from its education network after the Interlock ransomware group claimed responsibility for the intrusion earlier this month. The local authority, governing a region bordering Edinburgh, originally said that there was no evidence to suggest that data had been taken when it first […]
The Register reports: A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned. It’s understood Broadcom’s HR department has begun the process of informing current and former staff who are affected by the September ransomware attack at Business Systems House (BSH). Broadcom […]
Forbes reports: When you think of cybercriminal actors watching you, maybe phishing threats such as Hello Pervert, where the attacker claims to know where you live and has proof to back it up, spring to mind. Or how about the ransomware gang that has been found to install employee monitoring software to watch victims at work? Recent reports […]
Bleeping Computer reports that an unnamed 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021 has been arrested by Moldovan police. Police officers searched the suspect’s home and car on May 6, seizing an electronic wallet, €84,800, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices. […]
The Times of India reports: Google’s Threat Intelligence Group (GTIG) has issued a warning about a Russia-based hacking group, known as COLDRIVER. The Alphabet-owned company claims that this hacking group is using a newly identified malware called LOSTKEYS to steal data. The tech giant claims that this malware, which was tracked in multiple attacks this […]
Ars Technica reports on another concerning security issue involving DOGE: Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years. Kyle Schutt […]
May 1, 2025. A press release from the U.S. Attorney’s Office for the Central District of California: LOS ANGELES – A Yemeni national was charged today in a three-count federal grand jury indictment alleging he deployed the so-called “Black Kingdom” ransomware against computer servers owned organizations worldwide, including businesses, schools, and hospitals in the United States, […]
Defending Against UNC3944/Scattered Spider: Cybercrime Hardening Guidance from the Frontlines – Mandiant
Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ransomware and data theft extortion in early 2023, they impacted […]