DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques shows that the abuse of smart contracts for malicious purposes could become an emerging trend.
Source: Group IB

