Tag ransomware

North Korean Hackers Initiate New Cyber Attack Against South Korea

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia

Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations

Chris Riotta (@chrisriotta) • August 14, 2025

Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering

On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…

Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure

July 28, 2025
Cyber Attack / Ransomware

The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.

Scattered Spider Breaches VMware ESXi to Launch Ransomware Attacks on Critical U.S. Infrastructure

July 28, 2025

In a concerning escalation of cyber threats, the cybercriminal group known as Scattered Spider has been orchestrating targeted attacks on VMware ESXi hypervisors, primarily affecting sectors such as retail, airlines, and transportation across North…

Stealthy New Ymir Ransomware Utilizes Memory Exploits to Target Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Cybersecurity experts have identified a new ransomware variant, Ymir, which was deployed in an attack just two days after systems were compromised by RustyStealer, a type of credential-stealing malware. Kaspersky, a prominent Russian cybersecurity firm, noted that “Ymir ransomware features a distinctive mix of technical capabilities and tactics that bolster its effectiveness.” The attackers employed an unusual combination of memory management functions—malloc, memmove, and memcmp—to execute malicious code directly within system memory. This method diverges from the conventional execution flow found in common ransomware, significantly enhancing its stealth. Kaspersky reported observing this ransomware in an attack on an unnamed Colombian organization, with the threat actors leveraging stolen corporate credentials acquired through RustyStealer to gain unauthorized access.

New Ymir Ransomware Unveiled: A Stealthy Threat to Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Cybersecurity experts have identified a newly emerged ransomware variant dubbed Ymir, which has been linked to a recent cyberattack. This attack occurred just two days after an initial compromise via a stealer malware…

Ex-NSA Chief Paul Nakasone Issues a Caution to the Tech Industry

The recent shifts in the United States’ cybersecurity landscape illustrate a tumultuous period marked by significant policy changes under the Trump administration. The alterations to fiscal policy and foreign relations, coupled with widespread dismissals of federal staff, have left crucial cybersecurity priorities shrouded in uncertainty. This concern was evident at…

Dialysis Company Breach Impacts 1 Million People, Incurred Costs of $13.5 Million So Far

Data Breach Notification, Data Security, Fraud Management & Cybercrime

Interlock Claims to Possess 1.5TB of DaVita’s Data Amid Rising Costs

Marianne Kolbasuk McGee (HealthInfoSec) • August 6, 2025

DaVita Inc., a leading provider in kidney dialysis services globally, recently reported to regulators that a cyberattack occurring in…

Rising Threats: Ransomware Victims, Data Breaches, and Info Stealers

Surge in Cybercrime: Alarming Trends in Ransomware and Infostealer Attacks

Recent research highlights a significant escalation in cybercrime activity throughout 2025, characterized by substantial increases across various types of threats. Notably, there has been a staggering 800% rise in credential theft attributed to information-stealing malware, defining identity theft as a…
