DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thailand: House of Representatives’ Website Hacked, Cyber Attack Investigation Underway
October 16, 2023
The House of Representatives’ website fell victim to a cyber attack on Sunday, October 15, 2023. The hackers, who go by the name 3MUSKETEERZ, managed to breach the website’s security and display a picture of a troll in the photo journal section. Additionally, the perpetrators altered the press releases and committee schedules featured on the site. ...
- Understanding DNS Tunneling Traffic in the Wild
October 13, 2023
Palo Alto Unit 42 researchers present a study on why and how domain name system (DNS) tunneling techniques are used in the wild. Motivated by their findings, they present a system to automatically attribute tunneling domains to tools and campaigns. Attackers adopt DNS tunneling techniques to bypass security policies in enterprise networks because most enterprises ...
- curl SOCKS5 heap overflow vulnerability
October 13, 2023
Client URL, or curl, and its library version libcurl are one of the most popular and integrated command line tools for data transfer. They support a wide range of protocols such as HTTP, HTTPS, SMTP and FTP and enable the user to make requests to a URL while handling all standard components of requests such ...
- Cyber attack targets Medical Aid for Palestinians’ website amid Israel-Hamas conflict
October 13, 2023
In the midst of the ongoing conflict between Israel and Hamas, the Medical Aid for Palestinians organisation has reported a cyber attack on their website, which has disrupted their relief efforts for Gaza. They have also issued a warning that their website may go offline due to these disruptions. Taking to X (formerly Twitter), they posted ...
- Update now! Atlassian Confluence vulnerability is being actively exploited
October 12, 2023
Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defenders had “zero days” to patch the flaw. The vulnerability has since ...
- Akira ransomware overview
October 12, 2023
Akira is a relatively new ransomware variant with Windows and Linux versions that came out in April 2023. Like many attackers, the gang behind this variant only uses the ransomware to encrypt files after first breaking into a network and stealing data. This group also employs a double extortion tactic, demanding a ransom from victims ...

