Today > | 3 Medium | 2 Low vulnerabilities - You can now download lists of IOCs here!
6 attack reports | 0 vulnerabilities
The Cyber Anarchy Squad (C.A.S) is a hacktivist group targeting Russian and Belarusian organizations since 2022. They exploit vulnerabilities in public services and use free tools to inflict maximum damage. The group employs rare remote access Trojans like Revenge RAT and Spark RAT, alongside commo…
The Head Mare hacktivist group has escalated its campaign against Russian targets using the PhantomCore backdoor. The group employs deceptive ZIP archives containing malicious LNK files and executables disguised as archive files to deploy PhantomCore. This C++-compiled backdoor, which replaces earl…
The Termite ransomware, a rebranded version of Babuk, recently targeted supply chain management platform Blue Yonder. This new strain employs advanced tactics, including double extortion, to maximize its impact. Upon execution, it terminates services, deletes shadow copies, empties the recycle bin,…
The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …
The Dark Angels ransomware group, active since April 2022, operates with sophisticated strategies targeting large companies for substantial ransom demands. They focus on stealthy attacks, avoiding outsourcing to third-party brokers. The group uses various ransomware payloads, including Babuk and Re…
Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …