Pierluigi Paganini
May 19, 2023
The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. Infected devices were used for multiple malicious activities, including traffic redirections through mobile proxies, info-stealing, click fraud, and […]
Pierluigi Paganini
May 17, 2023
The US government is offering a $10M reward for Russian national Mikhail Pavlovich Matveev (30) charged for his role in ransomware attacks The US Justice Department charged Russian national Mikhail Pavlovich Matveev (30), aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged role in multiple ransomware attacks. The DoJ unsealed two indictments charging the man […]
Pierluigi Paganini
May 16, 2023
French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response to a cyber attack. The group designs and manufactures electronic equipment for its customers in […]
Pierluigi Paganini
May 16, 2023
China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been linked to the China-linked cyberespionage group Mustang Panda (aka Camaro Dragon, RedDelta or “Bronze President). MustangPanda […]
Pierluigi Paganini
May 16, 2023
The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, as part of a long-running campaign. The highly-targeted attacks aim at organizations […]
Pierluigi Paganini
May 15, 2023
A previously unknown ransomware group known as RA Group is targeting companies in U.S. and South Korea with leaked Babuk source code. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The group has already compromised three organizations in the U.S. and […]
Pierluigi Paganini
May 15, 2023
DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023. This comprehensive report delves into the alarming rise of ransomware attacks […]
Pierluigi Paganini
May 14, 2023
FortiGuard Labs Researchers spotted new samples of the RapperBot botnet that support cryptojacking capabilities. FortiGuard Labs researchers have discovered new samples of the RapperBot bot that added cryptojacking capabilities. Researchers from FortiGuard Labs first discovered the previously undetected RapperBot IoT botnet in August, and reported that it is active since mid-June 2022. The bot borrows […]
Pierluigi Paganini
May 13, 2023
The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best of our knowledge, it doesn’t operate a data leak site. That’s quite unusual for a […]
Pierluigi Paganini
May 12, 2023
U.S. CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. The Bl00dy ransomware has been active since May 2022, […]
Hacking / November 06, 2025
