Cybersecurity researchers have revealed that GLOBAL GROUP, a rebranded ransomware-as-a-service platform linked to BlackLock and Mamona, has targeted multiple sectors across various continents since June 2025. This operation heavily relies on initial access brokers and advanced AI-driven negotiation tools to maximize its impact and revenue.
Key points
- GLOBAL GROUP is a rebranding of earlier RaaS schemes BlackLock and Mamona, indicating an evolution in ransomware operations.
- The operation uses initial access brokers to compromise networks via vulnerabilities in Cisco, Fortinet, and Palo Alto, as well as brute-force attacks on Microsoft Outlook and RDWeb portals.
- GLOBAL GROUP features an AI-powered negotiation portal and affiliate panel, offering an 85% revenue share to attract more cybercriminal partners.
- The group has targeted sectors including healthcare, oil and gas, industrial machinery, and large-scale BPO in Australia, Brazil, Europe, and the US.
- Despite a decline in ransomware incidents, high-profile attacks and geopolitical tensions continue to fuel cyber threats worldwide.
Read More: https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html