With contributions from Shingo Matsugaya. We delve into three of the most active ransomware families that dominated the first half of 2023: LockBit, Clop, and
Search Results for: clop

Insikt Group uncovered new infrastructure and infection methods employed by GrayAlpha, a cybercriminal group overlapping with FIN7, including custom loaders PowerNet and MaskBat leading to NetSupport RAT infections. The report highlights three primary infection vectors and emphasizes the importance of application allow-lists, employee training, and updated detection rules to combat these threats. #GrayAlpha #FIN7 #NetSupportRAT #PowerNet #MaskBat
Introduction: Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates have been found as of March 2025. Like many other ransomware groups, Interlock has a […]
The following post, Interlock ransomware evolving under the radar, is an article from Sekoia.io Blog.

This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape.
The following post, Cyber threats impacting the financial sector in 2024 – focus on the main actors, is an article from Sekoia.io Blog.

The Cl0p ransomware group has targeted 43 organizations using exploits, notably the Cleo vulnerability. The majority of these targets were in the manufacturing, retail, and

The Clop ransomware group has exploited critical vulnerabilities (CVE-2024-50623 and CVE-2024-55956) in Cleo’s managed file transfer software, leading to unauthorized access and data exfiltration. Imperva
TA505 is a financially motivated cybercriminal group known for large-scale malware distribution and sophisticated phishing campaigns. Active since 2015, they utilize advanced social engineering tactics

This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable
The cyber threat landscape in 2025 is expected to be influenced by technological advancements, evolving cybercriminal tactics, and geopolitical tensions. Organizations need to enhance their
Short Summary: In August 2024, a series of cyber attacks, primarily by the RansomHub group, targeted various industries, including airport services and financial institutions, exposing
Short Summary: The oil and gas extraction industry is increasingly vulnerable to cyberattacks due to its reliance on digital technologies and geopolitical tensions. A significant
Short Summary: The healthcare sector is increasingly targeted by cybercriminals, with data breaches costing an average of USD 9.77 million per incident. The rise of
Short Summary: In 2024, malware loaders have become a prevalent tool in cyberattacks, with loaders like SocGholish, GootLoader, and Raspberry Robin leading the charge. These