In late January 2025, an MSP administrator fell victim to a sophisticated phishing email that mimicked an authentication alert for a remote management tool, leading
Search Results for: qilin
Qilin is a sophisticated ransomware group that emerged in July 2022, utilizing advanced tactics and exploiting vulnerabilities in popular software, notably demanding a high-profile ransom
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention
Qilin, also known as Agenda ransomware, represents a formidable threat in cybercrime. This ransomware, one of the known Ransomware-as-a-Service (RaaS) groups, is designed with adaptability

CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer that allows unauthorized remote code execution via arbitrary file uploads. Multiple threat actors, including Chinese APT groups and ransomware gangs, have actively exploited this flaw, while Darktrace has demonstrated early detection and containment of associated attacks. #CVE202531324 #SAPNetWeaver #KrustyLoader #UNC5221 #JuicyPotato

The report discusses persistent vulnerabilities in VPN infrastructures, specifically CVE-2018-13379 and CVE-2022-40684, which remain critical targets for cybercriminals and state-sponsored actors. The analysis highlights a
Introduction Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. Interlock cannot be classified as a "Ransomware-as-a-Service" (RaaS) group, as no advertisements for recruiting affiliates or information about affiliates have been found as of March 2025. Like many other ransomware groups, Interlock has a […]
The post Interlock ransomware evolving under the radar is an article from the Sekoia.io Blog.

Ransomware attacks continue to be a significant threat worldwide, with victims facing average ransom demands of .5 million in 2024. A report has identified 10

The article discusses a sophisticated ransomware attack involving Qilin ransomware, which utilizes the technique of bring-your-own-vulnerable-driver (BYOVD) to bypass traditional Endpoint Detection and Response (EDR)

This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target

In February 2025, multiple significant cyber incidents revealed ongoing risks across various industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which

This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape.
The post Cyber threats impacting the financial sector in 2024 – focus on the main actors is an article from the Sekoia.io Blog.

Qilin ransomware, initially developed in Go and later in Rust, targets various platforms like Windows, Linux, and ESXi. In June 2024, a significant attack on