Ransomware Groups Favor Repeatable Access Over Mass Exploits
Summary: Ransomware groups are evolving their tactics by focusing on targeting weak credentials rather than exploiting vulnerabilities, as highlighted in Travelers’ latest Cyber Threat Report. There was a noted surge in ransomware activity, particularly in Q4 2024, with a record number of victims. The report emphasizes the effectiveness of basic attack techniques, urging businesses to implement stronger security measures like multifactor authentication (MFA).…
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Summary: The evolving landscape of cyber threats raises critical concerns around cybersecurity resilience, particularly as state-sponsored groups and new ransomware tactics emerge. Notable events this week include charges against Chinese nationals for hacking and the dismantling of Garantex, a cryptocurrency exchange linked to money laundering. This edition explores the complexities of modern cyber threats and ongoing countermeasures by global law enforcement.…
‘Spearwing’ RaaS Group Ruffles Feathers in Cyber Threat Scene
Summary: The Medusa ransomware has emerged as a prominent tool for the threat group known as “Spearwing,” which has targeted nearly 400 victims since 2023. Their ransom demands can range from 0,000 to million, and they employ tactics such as double extortion to pressure victims. The group exploits unpatched vulnerabilities, particularly in Microsoft Exchange Servers, to gain access to networks and conduct attacks.…
US charges Garantex admins with money laundering, sanctions violations
Summary: The U.S. has charged Garantex crypto-exchange administrators with money laundering and violating sanctions, accusing them of laundering over billion since 2019 for criminal organizations. U.S. authorities have seized Garantex’s domains, servers, and frozen substantial funds linked to these illicit activities. The exchange has temporarily suspended operations following measures by Tether to block its digital wallets due to EU sanctions.…
Medusa Ransomware Attacks Increase
Summary: The Medusa ransomware has seen a significant rise in attacks, doubling in early 2025 compared to the previous year, according to Symantec. Utilizing a ransomware-as-a-service model, it targets various sectors globally while employing double-extortion tactics. With ransoms demanded between 0,000 and million, Medusa exploits vulnerabilities in systems like Microsoft Exchange and VMware ESXi.…
Medusa Ransomware Activity Continues to Increase
The article discusses the tools and tactics used by Spearwing, the group behind the Medusa ransomware. It highlights the software and methods employed for data exfiltration, credential dumping, and maintaining persistence within victim networks. The consistency of these tactics suggests an organized operation and may indicate that Spearwing operates more as a single group than as a traditional Ransomware-as-a-Service (RaaS).…
Who are Hellcat Ransomware Group? | Bridewell
The Hellcat Ransomware Group is a newly identified Ransomware-as-a-Service (RaaS) threat group, recognized for targeting various organizations, especially in telecommunications and government sectors. Their operations reveal sophisticated tactics, including phishing, exploitation of public-facing applications, and deployment of PowerShell for maintaining persistence. The group has shown strong ties with other ransomware actors and employs unique methods for data exfiltration.…
Emulating the Relentless RansomHub Ransomware
RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) operation targeting organizations globally, using a double-extortion model that both encrypts and steals sensitive data. The encryptor, written in C++ or Go, is difficult to analyze because it requires a password to execute. Potential links to previous ransomware groups like Knight and BlackCat/ALPHV are noted.…
Ransomware Builds Against Saudi Construction Firms
Summary: A ransomware attack by the DragonForce group has targeted Saudi construction firm Al Bawani, stealing approximately 6TB of sensitive data and highlighting increased cyber threats in the region. The attack underscores a concerning trend in which construction and real estate sectors are increasingly being targeted by cybercriminals, fueled by the proliferation of ransomware-as-a-service (RaaS) models.…
The New Ransomware Groups Shaking Up 2025
Summary: In 2024, global ransomware attacks surged to 5,414 incidents, marking an 11% increase from the previous year, with a notable spike in attacks during Q2 and Q4. The emergence of 46 new ransomware groups, especially RansomHub, has significantly transformed the ransomware landscape, with these groups adopting aggressive strategies and collaborations.…
Threat Context Monthly: Executive Intelligence Briefing for February 2025 – Black Basta, & M_A_G_A
This article highlights the recent activities of the Black Basta ransomware group, focusing on their internal operations and significant data leaks. Furthermore, it discusses another threat actor, M_A_G_A, who is engaged in distributing malware. The insights provided shed light on the evolving tactics and techniques employed by these cybercriminals.…

Victim: EQLOGISTICS.US
Country: US
Actor: clop
Source:
Discovered: 2025-02-27 17:53:52.014281
Published: 2025-02-27 17:53:47.666713
Description: Professional logistics company based in the United States. Specializes in supply chain management. Offers integrated warehousing and transportation services. Services are scalable and customizable based on customer needs. Aims to enhance customer efficiency and reduce costs. Minimizes potential risks linked to logistics. Operations reach global markets. Notable player in the logistics industry.

About Country: United States

– Cybersecurity Landscape: The US has a robust cybersecurity framework with multiple agencies, including CISA (Cybersecurity and Infrastructure Security Agency) and FBI focusing on safeguarding national infrastructure and responding to cyber threats.…


Victim: EMSON.COM
Country: US
Actor: clop
Source:
Discovered: 2025-02-27 17:54:20.985965
Published: 2025-02-27 17:54:14.478656
Description: EMSON.COM, formally E. Mishan and Sons, Inc., based in New York. Founded in 1946, with a focus on the direct response industry. Specializes in importing, marketing, and distributing consumer products.…

Victim: EZUPPRO.COM
Country: US
Actor: clop
Source:
Discovered: 2025-02-27 17:56:45.918790
Published: 2025-02-27 17:56:40.105678
Description: EZUPPRO.COM specializes in instant portable shelters. Product offerings include canopies, tents, and accessories. Catering to various events such as business trade shows, outdoor events, and home parties. Focus on durability, portability, and easy setup of products.…
Securonix Threat Labs Monthly Intelligence Insights – January 2025
The Monthly Intelligence Insights report for November 2024 by Securonix Threat Labs highlights critical cybersecurity threats, incidents, and responses, including notable breaches involving Cyberhaven and the exploitation of Ivanti vulnerabilities. Organizations are urged to enhance their security measures, such as updating software and implementing more vigilant monitoring systems.…

Victim: GOURMETTRADING.NET
Country: US
Actor: clop
Source:
Discovered: 2025-02-27 18:05:59.753085
Published: 2025-02-27 18:05:54.949706
Description: Gourmet Trading Company is based in California. The company was established in 1982. It is a global supplier and distributor of fresh produce. Specializes in supplying asparagus and blueberries, among other fruits and vegetables.…