The group initially threatened victims with European data breach fines but later offered to sell the entire operation, including domain names, breached company access, and databases.

The attack was not driven by military necessity but rather aimed to increase the psychological toll of the war, showcasing Russia’s focus on disrupting and degrading military readiness through cyber means.

SideCopy is employing phishing tactics and using compromised domains with reused IP addresses to distribute malicious files and deploy malware, including a Linux variant of the Ares RAT, indicating a multi-platform approach in their attacks.

An Iranian APT group known as Agrius has been targeting higher education and technology organizations in Israel with destructive attacks and wipers, including MultiLayer, PartialWasher, and BFG Agonizer, since January 2023.

Researchers identified Russian-linked Turla APT deploying an updated version of the Kazuar backdoor, suggesting a revival of the malware after years of inactivity with improved code structure and enhanced functionality. The new version of the Kazu…

Attackers are also extracting credentials from cloud service providers, marking the first documented instance of Looney Tunables exploitation. The group has a history of quickly adapting its tactics to exploit newly disclosed vulnerabilities.

The Russia-based criminal reshipping service SWAT USA Drop was hacked, exposing its operations and revealing the involvement of over 1,200 people in reshipping stolen goods purchased with stolen credit cards.

MuddyWater’s tactics have evolved over time, with the group now utilizing a new file-sharing service called Storyblok and a new command-and-control framework called MuddyC2Go.

The RansomedVC group, which recently claimed responsibility for several high-profile attacks, is now up for sale. The owner, citing personal reasons and a desire to avoid monitoring by federal agencies, is offering a 20% discount to a trusted buyer.

The campaign, which targets high-profile organizations in the Middle East, has been using the LIONTAIL malware framework installed on Windows servers. LIONTAIL uses Windows HTTP stack driver HTTP.sys to load memory-resident payloads.