The FIN7 gang has made a comeback with a new attack tactic involving Cl0p ransomware strains. It has previously utilized ransomware strains developed by various groups such as REvil and Maze. It uses Impacket and OpenSSH to infiltrate targeted networks…

Long-running cybercrime cartel FIN7, which has made use of ransomware variants developed by groups including REvil and Maze, has added another strain to its arsenal. This time, its the Cl0p ransomware.

Financially-motivated UNC3944 gang was found using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines to steal data from victim organizations. The threat actor gains initial access to an Azure…

A newly discovered campaign related to the Bad Magic APT involved use of a modular framework dubbed CloudWizard. Its features include taking screenshots, microphone recording, keylogging, and more.

Since 2021, Trend Micro has been tracking a different operation that appears to be linked to Triada. The group behind the campaign is tracked by the cybersecurity firm as Lemon Group and the malware preloaded on devices is called Guerrilla.

The group is swiftly expanding its operations. To date, it has compromised three organizations in the U.S. and one in South Korea across several business verticals, including manufacturing, wealth management, insurance providers, and pharmaceuticals.

Red Stinger, a newly discovered advanced persistent threat (APT) actor, has been found conducting targeted attacks in Ukraine since 2020. Military, transportation, and critical infrastructure entities were among their primary targets, along with organi…

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world.

Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems.

While looking for activities from the usual suspects, one of our former coworkers at Malwarebytes Threat Intelligence Team discovered a new interesting lure that targeted the Eastern Ukraine region and reported that finding to the public.