16 matches found
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin
The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face...
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...
ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
Trend Zero Day Initiative™ ZDI uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 aka ZDI-25-148, a Windows .lnk file vulnerability that enables hidden command execution...
PlugX malware deleted from thousands of systems by FBI
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China PRC used a version of PlugX malware to control, and steal information from victims' computers. PlugX h...
Сrimeware and financial cyberthreats in 2025
Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...
RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily...
Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat aka DarkCrystal RAT that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian...
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure
The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the...
Nation-State Crosshairs: Australia, India & Japan
In The Nation-State Crosshairs: Australia, India & Japan By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies CSIS released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’ mindsets...
Ransomware in the CIS
Introduction These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak of the pandemic and the emergence of several major cybercriminal groups Maze, REvil, Conti, DarkSide, Avaddon, an entire criminal ecosystem took...
Researchers: Booming Cyber-Underground Market for Initial-Access Brokers
It’s well known that email is often the gateway for cybercriminals looking to infiltrate a corporate network. But rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with...
FIN6 and TrickBot Combine Forces in 'Anchor' Attacks
Researchers say, two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up together to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of...
GandCrab ransomware and Ursnif virus spreading via MS Word macros
Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two...
Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses
ARCHIVED STORY Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses By Trellix · June 18, 2018 Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the...
Senate Considers Using Mob Law To Go After Cybercriminals
Members of the Senate Judiciary Committee listened as one of the nation’s top cyber cops asked for expanded powers to go after cybercriminal groups, including the use of statutes written to combat the mafia. But confronted with the prospect of a major face lift for the U.S.’s preeminent cyber...
Report: Google May Face $500m Fine Over Rogue Pharma Ads
The Wall Street Journal is reporting that search giant Google is close to reaching a settlement with the U.S. Justice Department over an investigation of the company’s policy of running ads from online pharmacies that operate outside U.S. borders and in violation of U.S. law. Google has not made ...