Cyber Crime

Pierluigi Paganini August 20, 2024
Ransomware payments rose from $449.1 million to $459.8 million

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. Stolen funds inflows almost doubled, rising from $857 million to $1.58 billion, and ransomware […]

Pierluigi Paganini August 20, 2024
Previously unseen Msupedge backdoor targeted a university in Taiwan

Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan.  Broadcom Symantec researchers discovered a previously undetected backdoor, called Msupedge, that was employed in an attack targeting an unnamed university in Taiwan. The most notable feature of the backdoor is that it relies on DNS tunnelling […]

Pierluigi Paganini August 20, 2024
Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported. The threat actor ZeroSevenGroup claims to have […]

Pierluigi Paganini August 19, 2024
Researchers uncovered new infrastructure linked to the cybercrime group FIN7

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a new infrastructure linked to the cybercrime group FIN7. Researchers from Team Cymru identified two clusters potentially linked to the cybercrime group FIN7. The team collaborated with the cybersecurity experts of Silent Push and Stark Industries Solutions who shared their findings. FIN7 is a Russian criminal group (aka Carbanak) […]

Pierluigi Paganini August 19, 2024
The Mad Liberator ransomware group uses social-engineering techniques

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update […]

Pierluigi Paganini August 18, 2024
Large-scale extortion campaign targets publicly accessible environment variable files (.env)

A large-scale extortion campaign compromised multiple organizations by exploiting publicly accessible environment variable files (.env). Palo Alto Unit 42 researchers uncovered a large-scale extortion campaign that successfully compromised and extorted multiple victim organizations by leveraging exposed environment variable files (.env files). The exposed files contained sensitive variables such as credentials belonging to various applications. This extortion […]

Pierluigi Paganini August 17, 2024
National Public Data confirms a data breach

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information.  Background check service National Public Data confirms that a threat actor has breached its systems and had access to millions of social security numbers and other sensitive personal information.  According to a statement published […]

Pierluigi Paganini August 17, 2024
ValleyRAT malware is targeting Chinese-speaking users

FortiGuard Labs researchers uncovered an ongoing ValleyRAT malware campaign that is targeting Chinese-speaking users. ValleyRAT is a multi-stage malware that supports multiple techniques to monitor and control compromised devices. The malicious code is also used to deploy arbitrary plugins on the infected systems. A noteworthy characteristic of ValleyRAT malware is the heavy usage of shellcode […]

Pierluigi Paganini August 16, 2024
Russian national sentenced to 40 months for selling stolen data on the dark web

A Russian national was sentenced to over three years in prison for selling stolen information and credentials on a dark web marketplace. The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on […]

Pierluigi Paganini August 16, 2024
Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claim it can steal a broad range of data from compromised systems, including browser […]