Cryptojacking: When Hackers Hijack Your Cloud to Mine Money
Cryptojacking attacks have surged, with attackers increasingly exploiting lesser-known AWS services to mine cryptocurrency at the expense of unsuspecting users. This article discusses the rise of cryptojacking, highlights the AmberSquid campaign, and outlines preventive measures to secure AWS accounts from such attacks.
Affected: AWS users, cloud infrastructure, cryptojacking victims

Keypoints:

Cryptojacking involves cybercriminals using someone else’s computing resources to mine cryptocurrency.…
Summary: After a four-year investigation, law enforcement successfully apprehended a cybercriminal known by multiple aliases, including ALTDOS and Omid16B. The criminal, motivated by financial gain, executed various attacks on companies, primarily focusing on extortion through data breaches. Group-IB played a pivotal role in tracking the actor’s activities across different identities until his arrest in Thailand on February 26, 2025.…
VanHelsing, new RaaS in Town
VanHelsingRaaS is an emerging ransomware-as-a-service (RaaS) launched in March 2025, allowing affiliates to initiate ransomware attacks with a low deposit. It targets multiple platforms and has already infected several victims demanding significant ransom payments. The program’s rapid growth and sophisticated capabilities highlight the evolving ransomware threat.…

Victim: Precision Accounting Intl
Country:
Actor: killsec
Source: http://ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion/posts.php?pid=CIWSCO9aoCBcbTvzidlI3l1i
Discovered: 2025-03-23 17:00:54.550305
Published: 2025-03-23 16:59:12.541340
Description: Precision Accounting International, a financial services firm, has recently fallen victim to a ransomware attack attributed to the malicious group known as KillSec. The incident has raised significant concerns regarding cybersecurity within the accounting industry, highlighting the increasing sophistication of cyber threats that target sensitive financial data.…
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
Summary: A targeted supply chain attack involving the GitHub Action “tj-actions/changed-files” was first directed at Coinbase’s open-source projects but escalated into a wider attack compromising 218 repositories. The attacker was able to exploit the CI/CD process, manage tokens, and introduce malicious code without initially triggering significant alarms.…
Water and Sewerage Corporation Victim of Cyberattack, No Evidence of Client Data Compromise

Date Reported: 2025-03-20
Country: BHS | Bahamas
Victim: La Water and Sewerage Corporation | Water and Sewerage Corporation
Website: wsc.com.bs
Information: The Water and Sewerage Corporation has been a victim of a cyberattack. Currently, there is no evidence that customer data has been compromised. The corporation advises clients to be cautious of suspicious email links.…
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
Summary: The U.S. Treasury Department has lifted sanctions against Tornado Cash, a cryptocurrency mixer previously linked to laundering money for the North Korean Lazarus Group. This decision follows a Fifth Circuit court ruling that questioned the authority of the Treasury’s Office of Foreign Assets Control (OFAC) to sanction entities like Tornado Cash, which utilizes immutable smart contracts.…

Victim: Aztec Municipal School District
Country: US
Actor: interlock
Source: http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php http://5mk7t3hpdjei4ezymeog3kfsjmfxghvwr5ekerdilitafolstou5vpid.onion/index.php?p=
Discovered: 2025-03-22 07:29:10.682140
Published: 2025-03-22 07:28:04.905862
Description: The Aztec Municipal School District, located in Aztec, New Mexico, United States, has fallen victim to a ransomware attack perpetrated by the cybercriminal group known as Interlock.…

Victim: www.accessfinanceonline.com
Country: US
Actor: ransomhub
Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/111192d5-95f1-40bd-948e-d5bb91180b8f/
Discovered: 2025-03-21 18:59:09.170501
Published: 2025-03-21 16:24:39.000000
Description: Access Finance Online, a financial services provider based in the United States, fell victim to a ransomware attack orchestrated by the cybercriminal group known as RansomHub. This incident highlights the increasing threat of ransomware targeting businesses in the financial sector, where sensitive financial data is particularly valuable.…
The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k Tenants
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…

Victim: armetal.com
Country: SA
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/d6c2af1136713d35a9c294992cbed89b7dd21acca7ff34b0549291a2eef5f4cd/
Discovered: 2025-03-21 19:49:28.800788
Published: 2025-03-21 19:48:21.415225
Description: Armetal.com, a company based in Saudi Arabia, has fallen victim to a ransomware attack attributed to the notorious Babuk2 actor. This cyber incident has raised significant concerns regarding data security and the resilience of organizations in the region, as attackers continue to employ sophisticated tactics to disrupt operations and extort sensitive information.…
Clearview AI settles class-action privacy lawsuit worth an estimated  million
Summary: A federal judge has approved a settlement between Clearview AI and class action plaintiffs regarding privacy infringement allegations, valuing potential damages at over million. The settlement allows plaintiffs to have a stake in the company’s future value instead of receiving a lump sum payment. The case arose from Clearview’s practice of scraping facial images from the internet without consent, which violated Illinois’ Biometric Privacy Act.…

Victim: Cayman National Bank
Country: KY
Actor: killsec
Source: http://ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion/posts.php?pid=gCiAXzlog0OieRHNJmxy4V90
Discovered: 2025-03-21 15:45:27.027235
Published: 2025-03-21 15:44:02.838794
Description: Cayman National Bank, located in the Cayman Islands, recently fell victim to a ransomware attack attributed to the malicious actor known as KillSec. This cyber assault has raised significant concerns regarding the security measures in place at financial institutions, highlighting the evolving threats posed by sophisticated criminal organizations in the digital landscape.…
US Treasury removes sanctions on Tornado Cash after appellate court loss
Summary: Tornado Cash, a cryptocurrency mixer accused of laundering funds for North Korean hackers, has been removed from the U.S. sanctions list following a court ruling that the Treasury Department exceeded its authority. The decision acknowledges complex legal challenges associated with regulating digital assets. Despite the sanctions removal, concerns remain regarding the use of cryptocurrency for cybercrime.…

Victim: CS Plastics
Country: BE
Actor: akira
Source:
Discovered: 2025-03-21 11:46:41.809682
Published: 2025-03-21 00:00:00.000000
Description: CS Plastics, a Belgium-based company specializing in manufacturing machines and equipment for the plastic processing sector, has fallen victim to a ransomware attack orchestrated by the cybercriminal group Akira.…
Report: One Million Phishing-as-a-Service Attacks in Two Months Highlight a Fast-Evolving Threat
Summary: This content outlines how to recognize PhaaS (Phishing-as-a-Service) attacks, specifically focusing on detecting suspicious login pages and multi-factor authentication (MFA) anomalies. It emphasizes the importance of advanced email security solutions and employee training to combat these sophisticated threats. Additionally, it highlights the need for strong authentication measures to protect against credential theft and other cyber risks.…
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations
Trend Research has identified new versions of the Albabat ransomware targeting Windows, Linux, and macOS platforms. The group is utilizing GitHub to facilitate their ransomware operations. Organizations are advised to enhance security protocols and implement preventive measures to mitigate potential ransomware attacks.
Affected: Windows, Linux, macOS

Keypoints:

New versions of Albabat ransomware have been discovered, indicating a potential expansion of targets.…

Victim: Standard Capital Securities (Pvt) Backoffice – Pakistan Stock Market Data Vault
Country: PK
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/de0dc89e0f4664f6d02caa2089bc6175035d4fac821ea4afaf133681c2fc9ef9/
Discovered: 2025-03-21 01:22:50.633507
Published: 2025-03-21 01:21:43.515200
Description: Standard Capital Securities (Pvt) Backoffice, a participant in the Pakistan Stock Market Data Vault, recently fell victim to a ransomware attack orchestrated by the Babuk2 threat actor group.…