DeceptiveDevelopment is a North Korea-aligned group using sophisticated social engineering—fake recruiter profiles and the ClickFix technique—to deliver multiplatform malware like BeaverTail, InvisibleFerret, WeaselStore, TsunamiKit, Tropidoor, and AkdoorTea targeting developers and crypto-related projects. Research links their operations to North Korean IT worker fraud campaigns (WageMole), showing shared tools, stolen identities, and operational overlap between malware-driven campaigns and employment-fraud schemes. #DeceptiveDevelopment #TsunamiKit
Tag: DARK WEB
This report details a North Korea-linked campaign called Contagious Interview, which uses multi-platform malware and social engineering tactics to target cryptocurrency developers globally. The campaign involves fake job offers and malicious programming exercises to deliver malware like BeaverTail, WeaselStore, Tropidoor, and AkdoorTea, linked to Lazarus Group tools. #ContagiousInterview #LazarusGroup…
The Qilin ransomware group has claimed to breach and leak data from multiple international companies, employing double-extortion tactics. The leaked information includes sensitive financial, personal, and corporate data from victims in Chile and Cyprus. #QilinRansomware #DoubleExtortion #OfficePro #MPMImportsLTD…
A ransomware attack on Swedish IT company Miljödata led to the theft of personal data affecting around 25 private companies and 200 Swedish municipalities. Volvo Group North America is now notifying employees about the breach involving their personal and Social Security information. #DataCarry #Miljödata #VolvoGroup #Ransomware #DataBreach…
A threat actor claims to have compromised Hamdard Pakistan, a leading herbal medicine company, during a cyberattack on September 24, 2025. The breach allegedly involved the exfiltration of 6,000 records containing sensitive personal data related to job applications. #HamdardPakistan #DataBreach…
KaruHunters claims to have leaked a dataset from Hamdard Pakistan, exposing sensitive customer information. The breach involves approximately 6,000 records, highlighting a significant data security incident. #HamdardPakistan #DataBreach…
A threat actor named Ghidra claims to have breached the LCBO database, exposing sensitive data of over 165,000 users. This incident highlights weaknesses in the Liquor Control Board of Ontario’s data security measures. #Ghidra #LCBODataBreach…
A threat actor named 888 claims to have leaked data from UBX, a Tanzanian hybrid IT integrator and managed service provider. The leaked information reportedly includes sensitive data related to UBX’s partnerships with Microsoft, Cisco, and IBM. #UBX #DataLeak #888 #Tanzania #CyberThreat…
This article discusses India’s evolving Digital Personal Data Protection (DPDP) Act 2023 and its implications for breach management, enforcement, and compliance. It emphasizes the importance of rapid detection, continuous monitoring, and proactive measures to meet the regulatory timelines and avoid hefty penalties. #DPDP #CyberBreaches…
An alleged leak of a classified Algerian eSIM policy directive has surfaced on a public forum, claiming to be a confidential government document. The document is offered for sale through Telegram, raising concerns about potential sensitive information exposure. #AlgerianGovernment #eSIMPolicy #DataLeak…
Over 20 million records from Indonesia’s Ministry of Education, Research and Technology, whose site is hosted at kemdikbud.go.id, are allegedly being offered for sale. The seller claims the dataset includes sensitive information such as confidential letters and financial records, with the breach reportedly occurring on August 18, 2025. #KemdikbudData #IndonesiaDataBreach…
On 19–20 September 2025, multiple major European airports (Heathrow, Brussels, Berlin) experienced severe disruptions to check-in, boarding, and baggage systems after an attack on Collins Aerospace’s MUSE platform, forcing manual operations, delays, and cancellations. CYFIRMA assesses Alixsec, Scattered Spider, and Rhysida as plausible actors based on prior targeting and operational history. #CollinsAerospace #MUSE #Alixsec #Rhysida
A threat actor claims to have infiltrated the Electoral Court of Uruguay and is selling a database containing over 622,000 records on the dark web. The data includes highly sensitive personal information such as IDs, birth certificates, and images. #UruguayElectoralCourt #DarkWebData #DataBreach #CyberThreats…
Threat actor AgSlowly is allegedly selling a large dataset stolen from Fortis Healthcare, one of India’s leading hospital networks. The dataset, totaling 21.8 GB, is marketed at $1000 and includes multiple CSV database tables. #FortisHealthcare #AgSlowly…
Dire Wolf surfaced in May 2025 as a financially motivated ransomware group that rapidly claimed dozens of victims across Asia, Europe, and North America using a double-extortion model and a Tor leak site for pressure. The group uses a Go-based, UPX-packed payload that encrypts files with ChaCha20/Curve25519, leaves a HowToRecoveryFiles.txt ransom note, and marks files with the .Dire Wolf extension. #DireWolf #HowToRecoveryFiles.txt