China: Rast ransomware gang aiming at domestic government and enterprises


From December 2023 to the present, QiAnXin Threat Intelligence Center has observed a ransomware family written in Rust that is very active on the Chinese Internet. A large number of machines in China have been hit, with more than 20 victimized organizations among government and enterprise endpoints alone. The researchers call it Rast ransomware.

After an extended period of tracking, QiAnXin Threat Intelligence Center has captured three versions of Rast ransomware, and the versions are still iterating. Rast has one unusual piece of logic: once encryption is complete, it uploads the machine name and a unique identifier of the infected host to a remote MySQL database. Through reverse analysis the research team recovered the account password for that MySQL database and compiled victim statistics from it, finding that more than 6,800 endpoints had been compromised in just ten months.
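A defensive check suggested by this behaviour, as an added example that is not part of the QiAnXin report: endpoints in your own address space normally have no reason to complete MySQL (TCP/3306) connections to hosts outside it, so such flows are worth flagging and grouping by destination. The firewall log format, the internal ranges and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample firewall log lines (not taken from the report):
# "timestamp action proto src:port -> dst:port"
SAMPLE_LOGS = """\
2024-01-12T03:14:07Z ALLOW TCP 10.20.4.17:51322 -> 10.20.1.5:3306
2024-01-12T03:15:41Z ALLOW TCP 10.20.4.17:51390 -> 203.0.113.45:3306
2024-01-12T03:15:42Z ALLOW TCP 10.20.4.88:49201 -> 198.51.100.9:443
2024-01-12T03:16:03Z ALLOW TCP 10.20.7.2:40011 -> 203.0.113.45:3306
2024-01-12T03:16:20Z DENY  TCP 10.20.4.19:50002 -> 203.0.113.45:3306
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumed internal address space; adjust to the environment being monitored.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]
MYSQL_PORT = 3306


def is_internal(addr):
    """True if the address falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_mysql_egress(lines, allowed_clients=frozenset()):
    """Return (timestamp, src, dst) for allowed MySQL connections that leave the
    internal address space, skipping sources explicitly allowed to do so."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ALLOW" or int(m["dport"]) != MYSQL_PORT:
            continue
        if is_internal(m["src"]) and not is_internal(m["dst"]) \
                and m["src"] not in allowed_clients:
            hits.append((m["ts"], m["src"], m["dst"]))
    return hits


def count_by_destination(hits):
    """Group hits by remote server: many internal hosts reaching the same
    external MySQL server is the pattern a shared collection database produces."""
    counts = {}
    for _ts, _src, dst in hits:
        counts[dst] = counts.get(dst, 0) + 1
    return counts
```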

Source: QiAnXin Threat Intelligence Center 
