The DragonForce ransomware group has gained notoriety for targeting UK retailers like Marks & Spencer and Co-op, stealing customer data and deploying encryptors. The attack on a managed service provider exploited vulnerabilities in the SimpleHelp RMM platform, highlighting the risks faced by MSPs and their customers. #DragonForce #SimpleHelp #REvil #Kaseya #MSPattacks #retailcyberattack
Tag: RAAS
A managed service provider (MSP) and its clients were compromised through the exploitation of vulnerabilities in SimpleHelp remote management software, leading to a DragonForce ransomware attack. The threat actors used chained bugs to gain full system access, exfiltrate data, and deploy ransomware, affecting multiple organizations. #DragonForce #SimpleHelpVulnerabilities…

A recent targeted attack exploited vulnerabilities in a remote monitoring tool to deploy DragonForce ransomware and exfiltrate data through a double extortion tactic. Sophos MDR successfully thwarted the attack on one client using advanced detection, but other affected organizations lacked such protection. #DragonForce #SimpleHelp #RansomHub #ScatteredSpider…

DragonForce is a ransomware strain that evolved from a pro-Palestine hacktivist group into a financially motivated Ransomware-as-a-Service (RaaS) operation using custom payloads based on Conti V3. It utilizes a double extortion approach, advanced post-exploitation tools, and Bring Your Own Vulnerable Driver (BYOVD) techniques, with AttackIQ providing detailed emulations to help organizations…

The VanHelsing ransomware-as-a-service operation has leaked its source code, including the Windows encryptor and affiliate panel, after an attempted sale by an alleged hacker. This leak could enable cybercriminals to customize and deploy new variants, impacting multiple systems such as Windows, Linux, BSD, ARM, and ESXi. #VanHelsing #Ransomware #Cybersecurity #SourceCodeLeak

A recent leak of the LockBit ransomware group’s internal database has exposed detailed information about their operations, affiliates, targets, and payment methods. This breach could significantly impact the group’s future activities and law enforcement efforts. Affected: LockBit ransomware group, victim organizations, cybersecurity and law enforcement agencies…

Scattered Spider is a financially motivated threat actor specializing in cloud-focused social engineering and access brokering, likely enabling DragonForce ransomware attacks against UK retail organizations. Their evolving collaboration model with ransomware groups illustrates increasing compartmentalization within cybercrime ecosystems, impacting #UKRetail #DragonForce #ScatteredSpider.

Google warns that the hacking group behind recent UK retail cyberattacks is now targeting US companies, emphasizing ongoing threats to the retail sector. The group uses sophisticated social engineering, extortion, and ransomware tactics to compromise high-profile organizations. Affected: US retailers, UK retailers…

Andrei Tarasov, a Russian-born cybercriminal, has a complex history involving exploit kits, malware development, and international law enforcement actions. Despite recent arrests and extradition issues, he remains active in the cybercrime community, operating under aliases and reflecting on his time in detention. Affected: Cybercriminal networks, law enforcement agencies, victims of malware and…

VanHelsing is a ransomware-as-a-service operation that targets multiple platforms using sophisticated encryption algorithms and a double extortion scheme. AttackIQ has developed an emulation-based attack graph to help organizations validate their security controls against VanHelsing’s tactics and techniques. #VanHelsing #AttackIQ…

Ransomware has become a highly advanced and coordinated threat, exploiting legitimate IT tools and innovative business models like RaaS to increase attack frequency and reach. Building a comprehensive backup and recovery strategy is essential for organizations to withstand and quickly recover from such attacks. Affected: Organizations, IT systems, backup infrastructure…

The DragonForce ransomware group has shifted from hacktivism to a profit-driven Ransomware-as-a-Service model, impacting major UK retail organizations. Recent attacks on M&S, Co-op, and Harrods demonstrate their growing capabilities and the serious cybersecurity risks they pose.
Affected: M&S, Co-op, Harrods…

Moldovan authorities, with support from Dutch law enforcement, arrested a suspect linked to DoppelPaymer ransomware attacks targeting organizations in the Netherlands, including a major scientific institution. The operation involved searches, seizure of electronic devices, and the suspect remains in custody awaiting extradition. Affected: Dutch Research Council (NWO), organizations in the Netherlands…

Lumma Stealer is an evolving info-stealing malware-as-a-service exploited via trusted platforms like GitHub to harvest credentials, crypto wallets, and personal data using advanced evasion, scripting,