RaaS Evolved: LockBit 3.0 vs LockBit 4.0
LockBit is a prominent ransomware strain operating since 2019, known for its aggressive tactics and Ransomware-as-a-Service model. The evolution of LockBit has seen the transition from version 3.0 to 4.0, introducing enhanced evasion techniques and impacting various organizations worldwide. Affected: organizations, cybersecurity sector

Key points:

LockBit ransomware has been operational since 2019, targeting diverse industries.…
Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim
Summary: In February 2025, the eSentire Threat Response Unit (TRU) uncovered a sophisticated ransomware campaign by the Hunters International group against a retail organization, utilizing vulnerabilities in FortiOS for initial access. The attack involved the creation of a super admin account, lateral movement within the network, and the deployment of a new variant of ransomware designed to evade detection and prevent data recovery.…
Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
New VanHelsing ransomware targets Windows, ARM, ESXi systems
Summary: A new multi-platform ransomware-as-a-service operation called VanHelsing has emerged, targeting various operating systems, including Windows and Linux. It allows affiliates to keep 80% of ransom payments and employs sophisticated encryption methods and stealth tactics in its operations. The ransomware has already been used in attacks against at least three victims, with ransoms set at 0,000.…
VanHelsing RaaS Launch: 3 Victims, K Entry Fee, Multi-OS, and Double Extortion Tactics
Summary: The VanHelsing ransomware-as-a-service (RaaS) operation emerged on March 7, 2025, quickly claiming multiple victims through a user-friendly platform that supports a variety of operating systems. The scheme employs double extortion tactics and allows affiliates to profit significantly while only prohibiting attacks on the Commonwealth of Independent States (CIS).…
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Summary: Recent cyber threats highlight vulnerabilities in open-source tools, escalating ad fraud through mobile apps, and advanced ransomware tactics targeting critical defenses. Notably, attacks have leveraged AI, and a supply chain breach at Coinbase exemplifies these risks. A rise in stolen credentials further underscores the urgent need for improved cybersecurity measures.…
Cryptojacking: When Hackers Hijack Your Cloud to Mine Money
Cryptojacking attacks have surged, with attackers increasingly exploiting lesser-known AWS services to mine cryptocurrency at the expense of unsuspecting users. This article discusses the rise of cryptojacking, highlights the AmberSquid campaign, and outlines preventive measures to secure AWS accounts from such attacks. Affected: AWS users, cloud infrastructure, cryptojacking victims

Key points:

Cryptojacking involves cybercriminals using someone else’s computing resources to mine cryptocurrency.…

Victim: Groupe des Industries Métallurgiques Country: FR Actor: qilin Source: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=1f3f9aac-c9c4-370f-b95d-987f8cbbd21a Discovered: 2025-03-24 04:14:26.132142 Published: 2025-03-24 00:00:00.000000 Description: On March 30, the infamous ransomware group Qilin is set to publish sensitive data stolen from Groupe des Industries Métallurgiques (GIM), the key employers’ union for the metal industry in France, representing a majority of companies in this sector within the Paris region.…
Cloudflare now blocks all unencrypted traffic to its API endpoints
Summary: Cloudflare has ceased all HTTP connections for its API, now requiring secure HTTPS connections only. This change aims to eliminate the risks of sensitive data exposure through unencrypted requests, particularly on public networks. Consequently, any existing HTTP-based integrations will cease to function immediately, with Cloudflare recommending users transition to HTTPS.…

Victim: Importadora Monterrey SRL Country: MX Actor: sarcoma Source: Discovered: 2025-03-22 16:00:53.582090 Published: 2025-03-22 16:00:52.454622 Description: Importadora Monterrey SRL, a prominent steel solutions provider for civil construction based in Mexico, has fallen victim to a ransomware attack attributed to the cybercriminal group sarcoma. The company is renowned for offering high-quality steel products backed by ArcelorMittal, the world’s leading steel manufacturer.…

Victim: AHI Supply Country: US Actor: sarcoma Source: Discovered: 2025-03-22 16:00:57.810780 Published: 2025-03-22 16:00:56.756254 Description: AHI Supply, a prominent manufacturer and supplier of construction products in the US, experienced a ransomware attack orchestrated by the cybercriminal group Sarcoma. Established in 1982 and headquartered in Texas, AHI Supply is dedicated to providing high-quality construction solutions, including custom architectural products, masonry materials, and innovative cement lines.…

Victim: ICS Nett Country: US Actor: sarcoma Source: Discovered: 2025-03-22 16:01:02.487276 Published: 2025-03-22 16:01:01.355974 Description: ICS Nett, a US-based company founded in 2003 as a Small Disadvantaged Business (SDB) and Minority Business Enterprise (MBE), recently fell victim to a ransomware attack orchestrated by the cybercriminal group Sarcoma.…
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Operation FishMedley
The US Department of Justice has indicted employees of the Chinese contractor I‑SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
Ransomware Group Claims Attack on Virginia Attorney General’s Office
Summary: The Cloak ransomware group has executed a cyberattack on the Virginia Attorney General’s Office, leading to significant disruptions in their computer systems and services. Following the attack, Cloak claimed responsibility and released purportedly stolen data on their leak site. This incident marks Cloak’s first confirmed attack in 2023, amid an increasing number of victims since the group’s emergence.…
In Other News: Critical Chrome Bug, Capital One Hacker Resentencing, Story of Expat Flaw
Summary: This week’s cybersecurity news roundup highlights key developments, including significant legal rulings, vulnerability disclosures, and actions against malicious activities. Notably, a former Uber security chief’s conviction was upheld, and critical security vulnerabilities were identified in popular software. The roundup aims to provide a broader understanding of the evolving cybersecurity landscape.…
DOTr HRIS System Compromised, Threat Actor Exposes Government Weaknesses
Summary: The Philippine Department of Transportation’s HRIS system has experienced a serious cybersecurity breach, compromising employee records and credentials. Hackers not only defaced the system but also criticized governmental cybersecurity policies, suggesting a lack of competence in protecting critical infrastructure. To date, there has been no response from the government regarding the breach, raising concerns about national cyber defense capabilities.…