During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) that it assesses with high confidence was used by the cybercrime group Muddled Libra (aka Scattered Spider, UNC3944).
The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of this threat actor. Muddled Libra created the VM after the group successfully gained unauthorized access to the target’s VMware vSphere environment.
Source: Palo Alto Unit 42
Related:
- Major telco breach sees 6.2 million users have personal info leaked
February 13, 2026
Dutch telecommunications company Odido has confirmed suffering a cyberattack and losing sensitive data on millions of people. In a notice published on its website, the company says it “deeply regrets” the situation and is “fully committed” to limiting its impact. “Based on investigation, the incident concerns personal data from a customer contact system used by Odido,” ...
- World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
February 12, 2026
World Leaks, the cyber-criminal data extortion group which has targeted some of the world’s biggest companies, has added a novel, never-before-seen malware to their arsenal, research by Accenture Cybersecurity has revealed. Accenture has named the malware ‘RustyRocket’. It allows World Leaks to stealthily maintain persistence on networks and forms a key part of the extortion groups’ ...
- Apple patches zero-day flaw that could let attackers take control of devices
February 12, 2026
Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Safari, fixing, in particular, a zero-day flaw that is actively exploited in targeted attacks. Exploiting this zero-day flaw would allow cybercriminals to run any code they want on the affected device, potentially installing spyware or backdoors without the owner noticing. Installing these ...
- Hacker warns victims after leaking 6.8 billion emails online
February 12, 2026
A hacker claims to have obtained, and leaked, 6.8 billion unique email addresses – and although the claims are unverified at this time, initial reports indicate at least half of those emails are real. Researchers at Cybernews recently found a new post on a popular data leak forum created by a hacker with the alias Adkka72424 ...
- ISA warns of increasing cyber attacks against Israeli officials
February 11, 2026
The ISA and the National Cyber Directorate announced on Wednesday that they thwarted hundreds of cyberattack attempts over the past year carried out by Iranian intelligence operatives. According to the agencies, the attacks targeted senior government and defense officials, academics, journalists, and employees in the defense industry. A joint statement said a marked escalation in hostile ...
- RenEngine: When “free” comes at too high a price
February 11, 2026
Kaspersky researchers often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discovery of a mass campaign distributing pirated games infected with a previously unknown ...
