The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV). Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- CPU-Z, HWMonitor watering hole infection – a copy-pasted attack
April 10, 2026
On April 9, 2026, the website cpuidcom, hosting installers for popular system administration software CPU-Z, HWMonitor (HWMonitor Pro) and Perfmonitor 2, was compromised. Kaspersky researchers observed that starting from approximately April 9, 15:00 UTC, until about April 10, 10:00 UTC, the legitimate download URLs for installers of that software have been replaced with URLs to the ...
- ClickFix finds a new way to infect Macs
April 10, 2026
ClickFix campaigns are looking for alternatives now that many Mac users have been made aware of the dangers of pasting certain commands into Terminal. Researchers found that ClickFix has kept the same social engineering playbook but completely sidestepped Terminal by using the applescript:// URL scheme to auto‑open Script Editor with a ready‑to‑run script that pulls Atomic ...
- Hacker stole £700,000 from UK energy company by redirecting payment
April 9, 2026
British oil and gas company Zephyr Energy says someone stole £700,000 (close to $1 million) from one of its U.S.-based subsidiaries by redirecting a payment meant for a contractor into a hacker-controlled account. In a regulatory filing with the London Stock Exchange on Thursday, the company said it is “working with the corresponding banks and ...
- What Project Glasswing Means for Security Leaders
April 9, 2026
Anthropic’s Project Glasswing matters because it offers an early look at how quickly software flaws may soon be found, validated, and potentially turned into viable attack paths, even if that capability is currently limited to a closed partner program. Anthropic says its restricted Claude Mythos Preview model has already identified thousands of high-severity vulnerabilities, including flaws ...
- Fake Windows support website delivers password-stealing malware
April 9, 2026
A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools. Malwarebytes Labs researchers spotted the campaign at microsoft-updatesupport, a ...
- Hackers steal and leak sensitive LAPD police documents
April 8, 2026
Cybercriminals have allegedly stolen a large amount of sensitive internal documents from the Los Angeles Police Department and leaked the data online. The stolen data included police officer personnel files, internal affairs investigations, and discovery documents that can include unredacted criminal complaints and personal information, such as witness names and medical data, according to the Los ...