The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV). Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Disrupted phishing service was after Microsoft 365 credentials
September 18, 2025
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365. The primary goal of RaccoonO365 (or Storm-2246 as Microsoft calls it) was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000 cases, spanning 94 countries since July 2024. The operation provided the cybercriminals’ customers ...
- Node Package Manager Supply Chain Attack
September 18, 2025
On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer. With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has ...
- UK: Two teenagers charged over Transport for London cyber attack
September 18, 2025
Two teenagers have been charged in connection with a massive cyber attack which caused Transport for London (TfL) months of disruption. The National Crime Agency (NCA) says it believes the hack – which began on 31 August last year – was carried out by members of the cyber-criminal group, Scattered Spider. Thalha Jubair, 19, from east ...
- Google Releases Security Update for Chrome
September 18, 2025
Google has released version 140.0.7339.185/.186 for Chrome for Windows and Mac and 140.0.7339.185 for Chrome for Linux, which will roll out over the coming days/weeks. The updates address four high severity vulnerabilities, including CVE-2025-10585, which has an exploit in the wild. CVE-2025-10585 – Type Confusion in V8 – High severity CVE-2025-10500 – Use after free in Dawn ...
- “Shai-Hulud” Worm Compromises npm Ecosystem in Supply Chain Attack
September 17, 2025
Palo Alto Networks Unit 42 is investigating an active and widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem. A novel, self-replicating worm, which is currently being tracked as “Shai-Hulud,” is responsible for the compromise of over 180 software packages. This attack represents a significant evolution in supply chain threats, leveraging automated propagation ...
- Samsung patches zero-day security flaw used to hack into its customers’ phones
September 16, 2025
Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones. The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to remotely plant malicious code on Samsung devices running Android 13 through the most recent version, Android ...