Video series discussing the major threat actor trends from 2023
In this video series, Talos Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year. From attacks on network infrastructure to the latest APT activities, as well as an updat...
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent ...
FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigati...
Play Ransomware A Global Threat Impacting Businesses
Summary: The Play ransomware group, active since June 2022, employs a double-extortion model, impacting businesses globally. Utilizing legitimate tools for malicious activities, the group has affected approximately 300 entities. Threat Level - Red | Attack Report For a detailed threat advisory,...
CISA and FBI Release Advisory on ALPHV Blackcat Affiliates
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as...
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating dat...
FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware
Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) released a joint Cybersecurity Advisory (CSA), StopRansomware: Play Ransomware, to disseminate Play ransomware...
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans...
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape,...
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software
A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed...
Akira Ransomware
Akira Ransomware By Alexandre Mundo, Max Kersten · November 29, 2023 First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner working...
Akira Ransomware
Akira Ransomware By Trellix · November 29, 2023 This blog was also written by Alexandre Mundo and Max Kersten First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators t...
U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multipl...
ALPHV/BlackCat Take Extortion Public
Learn more about ALPHV filing a complaint with the Security and Exchange Commission (SEC) against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than later...
Alleged Extortioner of Psychotherapy Patients Faces Trial
Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they...
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State...
Scattered Spider
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory...
New Ransomware Group Emerges with Hive's Source Code and Infrastructure
The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision...
Trellix 2024 Threat Predictions
Trellix 2024 Threat Predictions By Trellix · October 30, 2023 Introduction This last year we have seen upheaval across the cybersecurity landscape. The need for effective, worldwide threat intelligence continues to grow as geopolitical and economic developments create an increasingly complicated...
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...