UK MoD investigating claims Russian hackers stole files on RAF and Navy bases

The Ministry of Defence is investigating claims that Russian hackers have stolen hundreds of sensitive military documents and published them on the dark web. The files hold details of eight RAF and Royal Navy bases as well as Ministry of …

FBI: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions.

Storm-0501’s evolving techniques lead to cloud-based ransomware

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective …

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware

Organizations continue to grapple with increasingly complex cyberthreats, as ransomware groups rapidly evolve their tactics. In a recent attack wave, the Warlock ransomware group exploited internet-exposed, unpatched on-premise Microsoft SharePoint servers, abusing newly discovered vulnerabilities to gain initial access to …

Joint Cybersecurity Advisory: Scattered Spider

Scattered Spider (also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra) engages in data extortion and several other criminal activities. Scattered Spider threat actors use multiple social engineering techniques—including push bombing—and subscriber identity module (SIM) swap …

Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful

Unit 42 has tracked and responded to several waves of intrusion operations conducted by the cybercrime group we track as Muddled Libra (aka Scattered Spider, UNC3944) across different sectors in recent months. This article contains observations on Muddled Libra thus …

Global operation targets NoName057(16) pro-Russian cybercrime network

Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the …

GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed

Unit 42 researchers uncovered a campaign by an initial access broker (IAB) to exploit leaked Machine Keys — cryptographic keys used on ASP.NET sites — to gain access to targeted organizations. IABs breach organizations and then sell that access to …

FBI, cybersecurity firms say a prolific hacking crew is now targeting airlines and the transportation sector

The FBI and cybersecurity firms are warning that the prolific hacking group known as Scattered Spider is now targeting airlines and the transportation sector. In a brief statement on Friday shared with TechCrunch, the FBI said it had “recently observed” …