46 matches found
Claude AI chatbot abused to launch “cybercrime spree”
Anthropic—the company behind the widely renowned coding chatbot, Claude—says it uncovered a large-scale extortion operation in which cybercriminals abused Claude to automate and orchestrate sophisticated attacks. The company issued a Threat Intelligence report in which it describes several...
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad aka Sina Ghaaf, 37, and his co-conspirators are said to have breached the computer networks of various organizations in...
Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between...
RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors
A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The .NET malware "possesses the ability to steal information from various...
Royal Ransomware Targets Organizations with Custom Encryption and Double Extortion Tactics
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary Since September 2022, threat actors have been attacking both US and international organizations using a version of ransomware called Royal. This ransomware is unique...
Israel’s Technion Targeted by DarkBit Ransomware’s Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The DarkBit ransomware is a newly emerged threat in the cybersecurity scene that has targeted Technion - Israel Institute of Technology, a prestigious academic institution in Israel. The attackers behind...
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered "two hosts with strikingly similar ranso...
Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors
Several organizations in the oil, gas and food sectors have received threatening emails from cybercriminals posing as DarkSide – the ransomware gang behind the Colonial Pipeline hack. According to researchers at Trend Micro, threat actors are taking advantage of the notoriety around the pipeline...
‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoSes
A distributed denial-of-service DDoS extortion group has blazed back on the cybercrime scene, this time under the name of “Fancy Lazarus.” It’s been launching a series of new attacks that may or may not have any teeth, researchers said. The new name is a tongue-in-cheek combination of the...
British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies
A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri. Nathan Francis Wyatt , 39, who is a key member of the infamous...
Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
A new phishing campaign can bypass multi-factor authentication MFA on Office 365 to access victims’ data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. Researchers at Cofense Phishing Defense Center discovered the...
LA County Hit with DoppelPaymer Ransomware Attack
The DoppelPaymer ransomware operators claim that they’ve hit a Los Angeles county with a ransomware attack – and are now leaking the city’s data online, according to a recent report. Impacted is the city of Torrance, a coastal U.S. city in the South Bay region of LA, which has a population of...
Ashley Madison Breach Extortion Scam Targets Hundreds
Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. The 2015 data breach of the adultery website led to 32 million accounts being publicly dumped online, including victims’ names,...
Satan Ransomware Reborn to Torment Businesses
A ransomware with the un-snappy moniker of “5ss5c” has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting China, for now...
British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.
A British man suspected to be a member of 'The Dark Overlord ,' an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom. Nathan Francis Wyatt , 39, appeared in federal court in St. Louis, Missouri, on...
Ransomware Attack Downs Hosting Service SmarterASP.NET
SmarterASP.NET, a popular web hosting provider with more than 440,480 customers, has been hit with a ransomware attack that took down its customers’ websites that were hosted by the company. The company on Monday said it is in the process of recovering impacted data. SmarterASP.NET offers shared...
Targeted Ransomware Attacks Hit Several Spanish Companies
Everis, one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company to shut down all its computer systems until the issue gets resolved completely. Ransomware is a computer virus that encrypts files on an infected system until a ransom...
iNSYNQ Ransom Attack Began With Phishing Email
A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around...
Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer
Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC Know Your Customer data of thousands of its customers. The unknown attacker threatened the world's largest cryptocurrency exchange by volume to release KYC...
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses
CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS' effective use of multip...