Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ‘Kapeka’, has a high level of stealth and sophistication, designed to both serve as an early-stage toolkit for its operators, and also […]
The website used by the ransomware group believed to be responsible for the breach of one of the United States’s largest health care payment processors went down Friday amid reports that the incident has put major financial pressure on medical providers and made it difficult for consumers to get the medicine they need. It’s not […]
The stolen funds are believed to be linked to North Korean hacking groups, such as Lazarus, who use cryptocurrency cyberattacks to bypass international sanctions and finance their weapons development program.
Security researchers have uncovered a new malware variant believed to be associated with the BlueNoroff Advanced Persistent Threat (APT) group. BlueNoroff is known for its financially motivated campaigns, often targeting cryptocurrency exchanges, venture capital firms and banks. Writing in an advisory published today, Jamf Threat Labs said the discovery came during routine threat hunting, where […]
Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. Active since June 2022 or earlier, connections between this group and the developers of Cl0p, Play, Royal, and Cactus ransomware have been highlighted in a study by Group-IB and […]
ShadowSyndicate is believed to be an initial access broker (IAB) or an affiliate working with multiple ransomware operations, including Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play, based on evidence found by researchers.