The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.
Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary skills to collaborate, amplifying the impact and reach of cyberattacks. The market for such access has grown notably, especially as ransomware operators increasingly employ double-extortion tactics.
Read more…
Source: Rapid7
Related:
- From cheats to exploits: Webrat spreading via GitHub
December 23, 2025
In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced ...
- Hacktivists claim near-total Spotify music scrape
December 23, 2025
Anna’s Archive claims it obtained metadata for around 256 million tracks and audio files for roughly 86 million songs, totaling close to 300 TB. Reportedly, this represents about 99.9% of Spotify’s catalog and roughly 99.6% of all streams. Spotify says it has “identified and disabled the nefarious user accounts that engaged in unlawful scraping” and implemented ...
- France’s postal and banking services disrupted by suspected DDoS attack
December 23, 2025
France’s national postal and banking services were knocked offline by a suspected distributed denial-of-service (DDoS) attack on Monday, according to an announcement by La Poste. The postal service called the attack “a major network incident” that was disrupting “all of our information systems.” La Poste’s online mail and banking services, website, and mobile app are among ...
- North Korea-backed hackers launch newly detected cyberattack using HWP object linking and embedding code
December 22, 2025
A North Korea-linked cyber hacking group appears to have launched a new cyberattack campaign, code-named “Artemis,” that embeds malicious code inside computer files, a report showed Monday. The Genians Security Center (GSC), a South Korean cybersecurity institute, said in a report that it detected the operation believed to have been carried out by APT37, a Pyongyang-backed ...
- Romania: Around 1,000 systems compromised in ransomware attack on water agency
December 22, 2025
Romania’s cybersecurity agency confirms a major ransomware attack on the country’s water management administration has compromised around 1,000 systems, with work to remediate them still ongoing. Administrația Națională Apele Române (Romanian Waters) says its geographical information system applications servers, database servers, Windows workstations, Windows Servers, email and web servers, and domain name servers are all affected. ...
- Hackers hijacking WhatsApp accounts without any need to crack the authentication
December 21, 2025
Security researchers are warning WhatsApp users about a growing account hijacking technique that does not rely on breaking passwords or bypassing encryption. Attackers exploit WhatsApp’s legitimate device-linking feature to quietly attach their own browser to a victim’s account. Once linked, the attacker can read messages in real time, download shared media, and send messages that appear ...