From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call Rast ransomware.
After a long time of tracking, QiAnXin Threat Intelligence Center have captured three versions of Rast ransomware, and the versions are still iterating. rast ransomware has a very special logic: after the ransomware is completed, it will upload the machine name and unique identifier of the local machine to the remote mysql database. Through reverse analysis the research team got the mysql database account password and statistics of victims in the database, and found that in just ten months more than 6,800 terminals were controlled.
Read more…
Source: QiAnXin Threat Intelligence Center
Related:
- Millions possibly affected by data breach at dermatology giant QualDerm
March 25, 2026
Dermatology management services giant QualDerm suffered a cyberattack in late 2025 which saw it lose sensitive personal and healthcare data on more than three million people. The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a threat actor managed to access “a limited ...
- AI Drives Cyber Attacks That Unfold in Minutes
March 24, 2026
Artificial intelligence is speeding up timelines for cyber attacks, a new report has found, creating what the authors call a widening “cybersecurity speed gap” between bad actors and defense efforts. The report from Booz Allen Hamilton, published this month, shows that cyber criminals are now moving from initial access to broader system compromise in less than ...
- Russian initial access broker who fed ransomware crews gets 81 months in US prison
March 24, 2026
A Russian national who sold the keys to corporate networks faces nearly seven years in a US prison after prosecutors tied his handiwork to a string of ransomware attacks costing victims millions of dollars. Aleksei Volkov, 26, was sentenced to 81 months behind bars for his role as an initial access broker, a behind-the-scenes operator who ...
- Google Authenticator: The Hidden Mechanisms of Passwordless Authentication
March 23, 2026
Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target the most common implementations, the places where usability, scale and architecture intersect. Focusing on one of ...
- CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read
March 23, 2026
On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance’s ...
- Phishing campaign abuses Microsoft Azure Monitor alerts
March 23, 2026
Microsoft Azure Monitor is the latest in the long line of legitimate tools being abused in phishing attacks. If you are used to getting notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot. Microsoft Azure Monitor is a cloud-based service that collects and analyzes data from applications and ...