Latest TrickBot cyber-gang activity
TrickBot operations update: infrastructure rebuilds, module evolution, partnership with ransomware affiliates and detection signals across recent campaigns.
FIN12 financially-motivated actor targeting healthcare: short dwell time, ransomware deployment patterns and operational priorities for hospital security teams.
Backdoor discovered inside the REvil ransomware affiliate build: developer access to victim payments, affiliate-trust implications and underground reactions.
REvil ransomware infrastructure resurfaces after the July 2021 shutdown: leak site, payment portal status and tracking signals for the rebuilt operation.
Babuk ransomware source code leak: implications for clone development, copycat groups, detection-engineering opportunities and downstream variant tracking.
Threat actors weaponising Atera RMM agent for unauthorised remote access: living-off-the-land patterns, telemetry signals and post-compromise operator behaviour.