83 matches found
MAL-2025-47720 Malicious code in raas-client-app (npm)
Unmasking the new Chaos RaaS group attacks
Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks. Chaos RaaS actors initiated low-effort spam flooding, escalating to voice-based social engineering for access,...
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the...
RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control
Cybersecurity researchers have revealed that RansomHub's online infrastructure has "inexplicably" gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomware-as-a-service (RaaS) operation. Singaporean cybersecurity company Group-IB said that this may have caused affiliat...
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram...
Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now
By Jambul Tologonov, John Fokker and Duy-Phuc Pham · November 20, 2024. On November 18th, the US Justice Department unsealed criminal charges against a Russian national for allegedly administering the sale, distribution, and...
Akira ransomware continues to evolve
Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos' findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version o...
Threat Brief: Understanding Akira Ransomware
Overview: Akira is a prolific ransomware that has been operating since March 2023 and has targeted multiple industries, primarily in North America, the UK, and Australia. It functions as a Ransomware as a Service (RaaS) and exfiltrates data prior to encryption, achieving double extortion. According ...
Key Group: another ransomware group using leaked builders
Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group's activity was released in 2023 by BI.ZONE, a...
DragonForce Ransomware Expands RaaS, Targets Firms Worldwide
DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses. Companies must implement…...
Mallox ransomware: in-depth analysis and evolution
Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, th...
The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
By Jambul Tologonov and John Fokker · April 11, 2024. The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect...
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking group's malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. The GhostSec and Stormous ransomware groups are jointly conducting double extortion...
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed...
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the...
Crimeware and financial cyberthreats in 2024
At Kaspersky, we constantly monitor the financial cyberthreat landscape, which includes threats to financial institutions, such as banks, and financially motivated threats, such as ransomware, that target a broader range of industries. As part of our Kaspersky Security Bulletin, we try to predict...
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State...
GhostLocker - A “Work In Progress” RaaS
This post was also authored by Anna Širokova. Executive Summary: In recent years, there has been a noticeable uptick in threat actors venturing into the realm of Ransom-as-a-Service (RaaS). Some have emerged as significant threats, while others have faded into obscurity. What makes the current...