Lucene search
K

27 matches found

The Hacker News
The Hacker News
added 2026/04/21 6:18 p.m.12 views

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service RaaS operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control C2 or C&C server linked to SystemBC has led to the discover...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/19 2:26 p.m.3 views

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A proxy network known as REM Proxy is powered by malware known as SystemBC , offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/22 1:0 p.m.9 views

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It's believed to be...

6.9AI score
Exploits0
HackRead
HackRead
added 2025/02/11 1:0 p.m.13 views

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/12 6:0 a.m.14 views

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its...

9.8CVSS7.5AI score0.15593EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/08/14 5:13 p.m.23 views

Black Basta-Linked Attackers Target Users with SystemBC Malware

An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remain...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/08/12 1:0 p.m.78 views

Ongoing Social Engineering Campaign Refreshes Payloads

Executive Summary On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures TTPs that are consistent with an ongoing social engineering campaign being tracked by Rapid7. Rapid7 observed a meaningful shift in the tools used by th...

8.8CVSS10AI score0.83277EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/08/08 6:13 a.m.39 views

FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/05 8:40 a.m.16 views

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/25 2:23 p.m.32 views

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Cybersecurity researchers have shed light on the command-and-control C2 server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control C2 server, and a web administration...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/15 6:56 p.m.15 views

PikaBot distributed via malicious search ads

During this past year, we have seen an increase in the use of malicious ads malvertising and specifically those via search engines, to drop malware targeting businesses. In fact, browser-based attacks overall have been a lot more common if we include social engineering campaigns. Criminals have...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/12/01 10:0 a.m.188 views

IT threat evolution Q3 2023

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called...

9.3CVSS8.3AI score0.99945EPSS
Exploits80
hivepro
hivepro
added 2023/09/12 6:53 a.m.27 views

HijackLoader a Deceptive Modular Malware Loader

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new malware loader, HijackLoader, is swiftly gaining prominence within the cybercriminal sphere, being leveraged to disseminate an array of malicious malware strains, including DanaBot, SystemBC, and...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/11 6:23 a.m.54 views

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection a...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/11 9:40 a.m.46 views

New SystemBC Malware Variant Targets Southern African Power Company

An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a sout...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/08/10 10:0 a.m.46 views

Focus on DroxiDat/SystemBC

Recently we pushed a report to our customers about an interesting and common component of the cybercrime malware set - SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, we found a new SystemBC variant deployed to a critical infrastructure target. This time, the...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/09 10:38 a.m.23 views

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/08 1:40 p.m.16 views

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/26 8:13 a.m.280 views

Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the gro...

7.8CVSS9.2AI score0.07304EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/08/30 12:55 p.m.45 views

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread...

1.1AI score
Exploits0
Rows per page
Query Builder