Hunters International is a ransomware group that emerged in October 2023, leveraging Ransomware-as-a-Service (RaaS) to execute over 200 attacks across multiple industries worldwide. They specialize
Search Results for: hunters
Modern ransomware attacks have shifted to sophisticated double extortion tactics, where sensitive data is exfiltrated before encryption, increasing pressure on victims. The financial impact of
We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware, as they shift from data theft to extortion, exploiting AWS credentials.
The post Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware appeared first on Unit 42….
Short Summary: Hunters International, a ransomware group that emerged in October 2023, has quickly become the 10th most active ransomware group in 2024. They
Within the obscured world of the Deep/Dark Web, where cybercrime flourishes amidst databases, initial access brokers, and a plethora of illegal activities, there exists a
Originating in the latter part of 2023, this Ransomware-as-a-Service (RaaS) operation has drawn attention due to its technical lineage and operational tactics resembling those of
In January 2023, the FBI collaborated with law enforcement agencies in Germany and the Netherlands to successfully dismantle one of the most notorious ransomware groups
Information stealing malware is on the rise. Cyble Research Labs recently discovered a new malware dubbed “AvD crypto stealer” on a cybercrime forum. Upon further

Today’s threat actors are increasingly sophisticated, necessitating proactive cybersecurity strategies like threat intelligence and threat hunting to defend against advanced adversaries. Operationalizing these practices within security operations enables organizations to detect unknown threats earlier and improve response times. #eSentire #ThreatHunting #ThreatIntelligence

Between May 28 and June 3, 2025, multiple high-severity vulnerabilities were actively exploited by various threat actors, including a China-linked APT group targeting diverse industries. Cyble Research & Intelligence Labs observed increased exploit attempts, malware campaigns, and critical infrastructure risks, emphasizing the urgency of patching and enhanced cybersecurity measures. #CVE-2024-56145 #CVE-2025-5419 #ChinaAPT #MiraiBotnet
StealC V2 is an advanced infostealer and malware downloader with enhanced stealth features, a JSON-based C2 protocol, and flexible payload delivery capabilities. It targets a broad range of victims worldwide while excluding systems in CIS countries, and employs hardware ID generation and multiple evasion techniques. #StealC #Plymouth #Themida

In mid-May 2025, eSentire’s Threat Response Unit detected active exploitation of a critical vulnerability (CVE-2025-4632) in Samsung MagicINFO 9 Server, allowing remote code execution and unauthorized access. The attackers deployed a disguised XMRig cryptominer and abused AnyDesk for persistence and remote control, bypassing security measures through automated scripts and defender exclusions. #CVE20254632 #SamsungMagicINFO #XMRig #AnyDesk

eSentire’s Threat Response Unit (TRU) has identified a surge in Tycoon 2FA Phishing-as-a-Service (PhaaS) cases, marking a significant evolution in phishing tactics targeting Microsoft 365

eSentire’s Threat Response Unit (TRU) has identified a sophisticated cyberattack utilizing SocGholish malware to collect system information and deploy a Python-based backdoor linked to the