Tag ransomware

Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations

September 27, 2024
Ransomware / Cloud Security

Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.

Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Incidents On September 27, 2024, Microsoft announced a notable increase in ransomware attacks orchestrated by the threat actor known as Storm-0501, which has predominantly targeted integral sectors such as government, manufacturing, transportation, and law enforcement across the United States. This…

Read More

Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations

September 27, 2024
Ransomware / Cloud Security

Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.

Joint Global Operation Leads to Arrests and Sanctions Against LockBit Ransomware and Evil Corp Members

October 3, 2024
Cybercrime / Ransomware

A coordinated international law enforcement effort has resulted in four arrests and the shutdown of nine servers associated with the LockBit (also known as Bitwise Spider) ransomware operation, targeting a once-prominent financially motivated cybercriminal group. Key developments include the apprehension of a suspected LockBit developer in France while on vacation outside Russia, the arrest of two individuals in the UK linked to an affiliate, and the capture of an administrator of a bulletproof hosting service in Spain used by the gang, according to Europol. Additionally, authorities have identified a Russian national, Aleksandr Ryzhenkov (known by several aliases including Beverley and Corbyn_Dallas), as a high-ranking member of the Evil Corp cybercrime group and a LockBit affiliate. Sanctions have been imposed on seven individuals and two entities connected to the e-crime organization. “The United States, in collaboration with our allies…”

LockBit Ransomware and Evil Corp Members Arrested in Global Law Enforcement Operation On October 3, 2024, a coordinated international law enforcement operation resulted in the arrest of four individuals and the dismantling of nine servers associated with the LockBit ransomware group, also known as Bitwise Spider. This initiative represents a…

Read More

Joint Global Operation Leads to Arrests and Sanctions Against LockBit Ransomware and Evil Corp Members

October 3, 2024
Cybercrime / Ransomware

A coordinated international law enforcement effort has resulted in four arrests and the shutdown of nine servers associated with the LockBit (also known as Bitwise Spider) ransomware operation, targeting a once-prominent financially motivated cybercriminal group. Key developments include the apprehension of a suspected LockBit developer in France while on vacation outside Russia, the arrest of two individuals in the UK linked to an affiliate, and the capture of an administrator of a bulletproof hosting service in Spain used by the gang, according to Europol. Additionally, authorities have identified a Russian national, Aleksandr Ryzhenkov (known by several aliases including Beverley and Corbyn_Dallas), as a high-ranking member of the Evil Corp cybercrime group and a LockBit affiliate. Sanctions have been imposed on seven individuals and two entities connected to the e-crime organization. “The United States, in collaboration with our allies…”

North Korean Hackers Initiate New Cyber Attack Against South Korea

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations Chris Riotta (@chrisriotta) • August 14, 2025 Image: Shutterstock Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…

Read MoreNorth Korean Hackers Initiate New Cyber Attack Against South Korea

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…

Read More

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure

July 28, 2025
Cyber Attack / Ransomware

The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.

Scattered Spider Breaches VMware ESXi to Launch Ransomware Attacks on Critical U.S. Infrastructure July 28, 2025 In a concerning escalation of cyber threats, the cybercriminal group known as Scattered Spider has been orchestrating targeted attacks on VMware ESXi hypervisors, primarily affecting sectors such as retail, airlines, and transportation across North…

Read More

Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure

July 28, 2025
Cyber Attack / Ransomware

The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.

Stealthy New Ymir Ransomware Utilizes Memory Exploits to Target Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Cybersecurity experts have identified a new ransomware variant, Ymir, which was deployed in an attack just two days after systems were compromised by RustyStealer, a type of credential-stealing malware. Kaspersky, a prominent Russian cybersecurity firm, noted that “Ymir ransomware features a distinctive mix of technical capabilities and tactics that bolster its effectiveness.” The attackers employed an unusual combination of memory management functions—malloc, memmove, and memcmp—to execute malicious code directly within system memory. This method diverges from the conventional execution flow found in common ransomware, significantly enhancing its stealth. Kaspersky reported observing this ransomware in an attack on an unnamed Colombian organization, with the threat actors leveraging stolen corporate credentials acquired through RustyStealer to gain unauthorized access.

New Ymir Ransomware Unveiled: A Stealthy Threat to Corporate Networks November 12, 2024 Cyber Attack / Cybercrime Cybersecurity experts have identified a newly emerged ransomware variant dubbed Ymir, which has been linked to a recent cyberattack. This attack occurred just two days after an initial compromise via a stealer malware…

Read More

Stealthy New Ymir Ransomware Utilizes Memory Exploits to Target Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Cybersecurity experts have identified a new ransomware variant, Ymir, which was deployed in an attack just two days after systems were compromised by RustyStealer, a type of credential-stealing malware. Kaspersky, a prominent Russian cybersecurity firm, noted that “Ymir ransomware features a distinctive mix of technical capabilities and tactics that bolster its effectiveness.” The attackers employed an unusual combination of memory management functions—malloc, memmove, and memcmp—to execute malicious code directly within system memory. This method diverges from the conventional execution flow found in common ransomware, significantly enhancing its stealth. Kaspersky reported observing this ransomware in an attack on an unnamed Colombian organization, with the threat actors leveraging stolen corporate credentials acquired through RustyStealer to gain unauthorized access.

Ex-NSA Chief Paul Nakasone Issues a Caution to the Tech Industry

The recent shifts in the United States’ cybersecurity landscape illustrate a tumultuous period marked by significant policy changes under the Trump administration. The alterations to fiscal policy and foreign relations, coupled with widespread dismissals of federal staff, have left crucial cybersecurity priorities shrouded in uncertainty. This concern was evident at…

Read MoreEx-NSA Chief Paul Nakasone Issues a Caution to the Tech Industry