Ursnif — 2 August 2021 campaign
Ursnif campaign of 2 August 2021: Italian-language phishing waves, payload delivery patterns and host indicators across the latest infection set.
Over the past year, ransomware and cyberattacks have experienced exponential growth. In 2020, the FBI reported a 400% increase in cyberattacks—incidents that have not only become more frequent but also more precise, accurate, and methodical. Below is an examination of the reorganization of several prominent criminal groups. BlackMatter A new ransomware gang named BlackMatter is …
MedusaLocker ransomware family: encryption logic, file extension behaviour, network spread mechanics and operator profile inside the affiliate ecosystem.
FickerStealer malspam wave: lure templates, document-based delivery, info-stealing capabilities and host-level indicators for endpoint detection.
LokiBot campaign update: lure templates, payload delivery patterns, info-stealer capabilities and indicators across the latest waves observed in July 2021.
CVEs most actively exploited by criminal groups: targeting trends, time-to-exploit metrics and prioritisation guidance for vulnerability management programmes.
LuminousMoth: China-aligned APT operations against Southeast Asian government and telecom targets, USB-based propagation, custom backdoors and infrastructure overlaps.
HelloKitty ransomware variant targeting VMware ESXi Linux hypervisors: encryption of virtual machine files, hypervisor-level impact and detection considerations.
Technical analysis of the REvil ransomware sample dropped through the Kaseya VSA supply-chain compromise: code structure, encryption logic, and supply-chain risk lessons.