Threat Actors
Explore detailed profiles of cyber threat actors — from state-sponsored groups to independent hacker collectives — including their motives, methods, and operations.
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks
Federal prosecutors in the United States have indicted three individuals, including cybersecurity professionals, for allegedly hacking into the networks of five U.S. companies using BlackCat (also known as ALPHV) ransomware…
1–2 minutes

U.S. Prosecutors Indict Three in BlackCat Ransomware Scheme
Federal prosecutors in the United States have indicted three individuals for allegedly operating as part of a BlackCat (ALPHV) ransomware operation, targeting five U.S. companies and extorting significant sums.
1–2 minutes

Microsoft Discloses “SesameOp” Backdoor Abusing OpenAI API for Stealthy Command and Control
Microsoft has identified a novel backdoor, designated “SesameOp,” that employs OpenAI’s Assistants API for its command-and-control (C2) infrastructure. This technique allows threat actors to stealthily manage compromised systems and orchestrate…
2–3 minutes

SleepyDuck Malware Evolves with Ethereum C2 Resilience
A new sophisticated remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31,…
1–2 minutes

Malicious VSX Extension “SleepyDuck” Leverages Ethereum for Command and Control
A malicious VSX extension dubbed “SleepyDuck” has been discovered in the Open VSX registry, utilizing the Ethereum blockchain for its command and control (C2) infrastructure. Initially distributed as a legitimate…
2–3 minutes

Remote Monitoring Tools Weaponized in Escalating Cargo Freight Hijacks
Threat actors are increasingly weaponizing legitimate remote monitoring and management (RMM) tools to hijack cargo freight, leading to significant disruptions in global supply chains. This sophisticated cyber-physical attack strategy involves…
2–4 minutes

Alleged Jabber Zeus Coder ‘MrICQ’ Extradited to U.S.
Yuriy Igorevich Rybtsov, known online as “MrICQ” and an alleged developer for the Jabber Zeus cybercrime group, has been arrested in Italy and extradited to the United States. He faces…
3–4 minutes

North Korean APT Utilizes AI Deepfakes in Remote Job Interview Infiltrations
North Korean state-sponsored hackers, identified as the Famous Chollima APT group, are employing real-time AI-powered facial filters during video job interviews to conceal their identities, targeting cryptocurrency and Web3 companies.
2–3 minutes

Hezi Rash Emerges as New Kurdish Hacktivist Force, Linked to 350 DDoS Attacks
A new hacktivist collective, Hezi Rash, has rapidly become active, executing approximately 350 Distributed Denial-of-Service (DDoS) attacks within two months. Identifying as a ‘Kurdish national team,’ the group targets nations…
2–3 minutes

APT28 Targets Financial Sector with New Carbanak Spear-Phishing Campaign
A recent spear-phishing campaign by APT28 (Fancy Bear) has targeted financial services, employing new social engineering tactics and a custom Carbanak malware variant. Cybersecurity Firm X reports that the campaign…
1–2 minutes









