CyberNiggers, a racist threat group, has resurfaced on Breach Forums with IntelBroker playing a central leadership role in its cyber operations. The piece outlines their targets (including GE and DARPA-linked data), recruitment dynamics, and how initial-access…
Tag: DARK WEB
On February 2, 2024, AnyDesk, a popular remote desktop software provider, announced that it had fallen victim to a cyberattack that compromised its production systems. The breach, orchestrated by malicious actors, has far-reaching implications for AnyDesk customers. The incident came to light when An…
ASEC uses a Linux SSH honeypot to monitor attacks against Linux systems and describes how threat actors install backdoor accounts or SSH keys via brute-force and dictionary attacks on poorly managed servers. The article covers backdoor account creation, root-p…
Telegram hosts public marketplaces where phishing kits, scampage generators, stolen credentials, bulletproof hosting, and mailer services are traded, enabling low-cost end-to-end phishing campaigns. The article demonstrates how attackers can assemble a full Ba…
Alpha ransomware is an emerging threat that operates a dedicated data leak site (DLS) on the Dark Web, named MYDATA, with six victims listed and ongoing development noted. The operation shows evolving tactics, including ransom notes, a victim login panel for n…
Albabat is a Rust-written ransomware family that spreads via rogue downloads (fake Windows activators and game cheats), encrypts user files with a .abbt extension, and drops ransom notes while attempting to stop key processes and services. FortiGuard Labs docu…
FortiGuard Labs analyzed a Phobos-family campaign that uses an XLAM document with embedded VBA to launch PowerShell, download Base64-encoded payloads from a Gitea repository, and deploy the FAUST ransomware via in-memory shellcode injection. The chain includes…
The Malek Team, an Iran-associated threat actor, has escalated cyber offensives against Israeli institutions, including a major breach at Ziv Medical Center and a data leak from Ono Academic College. The incidents involve massive data exfiltration and raise na…
INC Ransom is a new, highly sophisticated ransomware group targeting corporate networks with double extortion. Their operation blends spear-phishing and exploitation of CVE-2023-3519 in Citrix NetScaler with legitimate tools for recon, lateral movement, data s…
A colossal wave of stolen personally identifiable information (PII) from Thailand has crashed onto the shores of the dark web, marking a disturbing escalation in cybercriminal activities. This massive leak, unprecedented in its scale and audacity, has exposed the personal data of millions, casting a l…
WereWolves Ransomware is a Russian-speaking group that emerged in 2023 and has built a notable online presence while expanding its victim list to at least 23. They deploy a LockBit3 variant with double extortion, encrypting data and threatening to leak it publ…
Kroll found that DARKGATE v5.2.3 randomizes a nonstandard base64 alphabet per victim but uses a weak seed derived by summing the bytes of a 32‑byte hardware ID, making the per‑system alphabet trivial to brute force. Reimplementing DARKGATE’s shuffle and iterat…
The article profiles the Scattered Spider group, detailing its many aliases and its transition from phishing-based intrusions to ransomware and RaaS affiliations, including high-profile breaches at MGM Resorts, Caesars Entertainment, and Riot Games. It also di…
Keyhole is a multi-functional VNC/Backconnect component used extensively by IcedID/Anubis, expanding beyond typical backconnect tools. It loads a decoded core module, retrieves system information, hijacks browser profiles, injects into explorer.exe, and suppor…
FortiGuard Labs found attackers hijacking YouTube channels to distribute a Lumma Stealer variant via cracked-software videos that link to ZIP archives hosted on GitHub and MediaFire. The chain uses an LNK that launches PowerShell to fetch a SmartAssembly-obfus…