New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
Summary: The Medusa ransomware operation employs a malicious driver, ABYSSWORKER, in a bring-your-own-vulnerable-driver (BYOVD) attack to disable anti-malware tools. The driver is signed with stolen certificates so that it passes as a legitimate system driver, letting it bypass driver-signing controls and giving the attacker kernel-level control over the endpoint. Separately, a new backdoor called Betruger has been associated with RansomHub, extending that group's capabilities beyond the encrypting payload itself.…
Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia
Summary: Recent leaks of chat logs from the Black Basta ransomware group suggest possible ties to Russian authorities. The messages reveal insights into their operations, use of AI for malicious purposes, and development of new cybercrime tools, including a brute-forcing framework aimed at corporate networks. These findings complicate efforts for Black Basta to distance itself from past activities following internal and external pressures.…
Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and CISA have issued an advisory on the Medusa ransomware group, which has been increasingly active in 2025 and has already exceeded its previous year's attack volume, with a particular focus on critical infrastructure sectors. The advisory details the group's tactics, publishes indicators of compromise, and sets out the risks to targeted organizations.…
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research's analysis of SocGholish's malware-as-a-service (MaaS) framework highlights its role in delivering RansomHub ransomware through compromised websites. Using heavily obfuscated JavaScript loaders, SocGholish evades detection and executes its follow-on tasks. The framework chiefly serves as an initial-access vector for ransomware attacks, with government entities in the United States the most affected.…
Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware
This article discusses a cybersecurity advisory released on March 12, 2025, by the FBI, CISA, and MS-ISAC regarding the Medusa ransomware, detailing its methods, impacts, and tactics used. Medusa is a Ransomware-as-a-Service operation that targets Windows environments and has affected over 300 victims. The advisory provides insights into its tactics, techniques, and procedures (TTPs) to help organizations bolster their security measures.…
HellCat Ransomware: Exposing the TTPs of a Rising Ransomware Threat in 2025
HellCat Ransomware is a significant cyber extortion group that emerged in 2024, using advanced phishing techniques and exploiting vulnerabilities to target organizations. Their operations focus on data exfiltration and aggressive ransom demands, often collaborating with the Morpheus group. This article analyzes their tactics, techniques, and procedures to better understand their threat.…
This advisory details the tactics, techniques, and procedures (TTPs) associated with the Medusa ransomware variant. Medusa, operating as a ransomware-as-a-service (RaaS), has affected over 300 victims across various critical infrastructure sectors since its inception in June 2021. The advisory provides insights into initial access methods, lateral movement tactics, and a double extortion model employed by Medusa actors.…
Garantex crypto exchange admin arrested while on vacation
Summary: Indian authorities arrested Aleksej Besciokov, co-founder of the Russian Garantex crypto-exchange, under extradition law while he was on vacation in Varkala. Besciokov and his co-founder face U.S. charges for facilitating money laundering and other criminal activity through the exchange. Garantex has been implicated in significant illicit financial activity, leading to the seizure of its domains and the freezing of over million in funds.…
Ransomware Groups Favor Repeatable Access Over Mass Exploits
Summary: Ransomware groups are shifting their tactics toward weak credentials rather than vulnerability exploitation, as highlighted in Travelers' latest Cyber Threat Report. Ransomware activity surged, particularly in Q4 2024, which saw a record number of victims. The report emphasizes how effective these basic techniques remain and urges businesses to adopt stronger controls such as multifactor authentication (MFA).…
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Summary: The evolving landscape of cyber threats raises critical concerns around cybersecurity resilience, particularly as state-sponsored groups and new ransomware tactics emerge. Notable events this week include charges against Chinese nationals for hacking and the dismantling of Garantex, a cryptocurrency exchange linked to money laundering. This edition explores the complexities of modern cyber threats and ongoing countermeasures by global law enforcement.…
‘Spearwing’ RaaS Group Ruffles Feathers in Cyber Threat Scene
Summary: The Medusa ransomware has become the primary tool of the threat group known as "Spearwing," which has targeted nearly 400 victims since 2023. Ransom demands range from 0,000 to million, and the group applies double-extortion pressure on victims. It gains network access by exploiting unpatched vulnerabilities, particularly in Microsoft Exchange Servers.…