The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV). Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions
July 2, 2025
Brazil’s central bank said on Wednesday that technology services provider C&M Software, which serves financial institutions lacking connectivity infrastructure, had reported a cyberattack on its systems. The bank did not provide further details of the attack, but said in a statement that it ordered C&M to shut down financial institutions’ access to the infrastructure it operates. ...
- Windows Shortcut (LNK) Malware Strategies
July 2, 2025
Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Palo Alto Unit 42 telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, Unit 42 researchers present an in-depth investigation of LNK malware, based on analysis of 30,000 recent samples. Windows shortcut files use the .lnk file ...
- Google Releases Security Updates for Chrome
July 1, 2025
Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a “type confusion” vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user to visit a malicious HTML page. Google is aware that an exploit for CVE-2025-6554 exists in ...
- Iran-linked hackers threaten to release Trump aides’ emails
July 1, 2025
Iran-linked hackers have threatened to disclose more emails stolen from U.S. President Donald Trump’s circle, after distributing a prior batch to the media ahead of the 2024 U.S. election. In online chats with Reuters on Sunday and Monday, the hackers, who go by the pseudonym Robert, said they had roughly 100 gigabytes of emails from the ...
- FBI: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest
June 30, 2025
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber ...
- International Criminal Court hit with cyber security attack
June 30, 2025
The International Criminal Court has been targeted by a “sophisticated” cyberattack and is taking measures to limit any damage, the global tribunal announced Monday. The ICC, which also was hit by a cyberattack in 2023, said the latest incident had been contained but did not elaborate further on the impact or possible motive. “A Court-wide impact ...