#ics — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ics, aggregated by home.social.
-
https://www.wacoca.com/life/401754/ What will change in the insurance industry with the introduction of the "economic value-based solvency ratio"? Three experts debate it in depth; the use of internal models also faces challenges [Roundtable, Part 1] | Diamond Insurance Lab | Diamond Online #AIR #ALM #ESR #Hoken #IAIS #ICS #Insurance #キャピタスコンサルティング #保険 #保険資本基準 #明治大学 #松山直樹 #森本祐司 #植村信保 #福岡大学 #経済価値ベースのソルベンシー比率 #経済価値ベースのソルベンシー規制 #資産集約型再保険 #金利上昇 #金融危機 #金融庁
-
The Gentleman Ransomware | Defense Evasion TTPs Uncovered
In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.
Pulse ID: 6a0f8f34dd916c38a643df30
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f34dd916c38a643df30
Pulse Author: AlienVault
Created: 2026-05-21 23:03:16
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault
-
Our team at DomainTools Investigations (DTI) took a deep dive into the ZionSiphon malware sample (“SCADA_SecurityPatch_v8.4.exe”) that’s been circling in sandboxes since 2025.
Read our investigation here⬇️ http://dti.domaintools.com/research/threat-intelligence-report-zionsiphon
#Cybersecurity #ICS #Malware #InfoSec #DomainTools
-
The Evolution of ClickFix: From Cleartext to Server Side Polymorphism
The ClickFix campaign has evolved from basic disk-based infections to sophisticated, obfuscated attacks using fake CAPTCHA pages that trick victims into executing malicious PowerShell commands. Initial variants used cleartext commands downloading batch scripts to deploy DeerStealer InfoStealer. The campaign advanced to fileless execution using XOR encryption or Base64 compression, operating entirely in memory. The most dangerous evolution involves server-side polymorphism, where attacker infrastructure dynamically generates unique obfuscated payloads for each victim, delivering Vidar InfoStealer. Active since March 2026 with surging activity through May, the campaign utilizes approximately 4,500 live domains. Both XOR and Base64 variants execute payloads in memory, download executables from attacker infrastructure, and delete traces to evade forensics.
Pulse ID: 6a0d971608b49dfc89267777
Pulse Link: https://otx.alienvault.com/pulse/6a0d971608b49dfc89267777
Pulse Author: AlienVault
Created: 2026-05-20 11:12:22
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CAPTCHA #CyberSecurity #Encryption #ICS #InfoSec #InfoStealer #OTX #OpenThreatExchange #PowerShell #RAT #Vidar #bot #AlienVault
-
CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring
Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.
Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.
If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.
https://github.com/idaholab/Malcolm/compare/v26.05.0...v26.05.2
- ✨ Features and enhancements
- Improvements to alerting loopback webhook API endpoint (#971) (see also this discussion)
- Add Suricata OT rules for D-Link HNAP abuse detection (#969) (Suricata detection for GHSA-m69q-2cfc-q63c / CVE-2026-8260; thanks @sercanokur)
- Added the File Tree visualization dashboard which presents a hierarchical breakdown of files observed in network traffic, particularly with regards to archived files such as ZIP files or tarballs, allowing parent/child relationships between nested files to be explored. (thanks @sbhiens25)
- ✅ Component version updates
- Filebeat to v9.4.1
- Fluent Bit to v5.0.5
- GitPython to v3.1.50 to address high vulnerabilities CVE-2026-44244, CVE-2026-44243, and CVE-2026-42284
- Logstash to v9.4.1
- NetBox to v4.5.x (#955)
- This is a major NetBox release, up from v4.4.10. It's recommended that you back up your NetBox database before upgrading.
- these NetBox plugins were also updated:
- netbox-initializers to v4.5.1
- netbox-topology-views to v4.5.1
- Device-Type-Library-Import switched to marcinpsk/Device-Type-Library-Import fork
- thanks to @boscard in this discussion for some tips on running NetBox docker on a base path.
- OpenResty to v1.29.2.4, which, in addition to other fixes and changes, addresses the following CVEs
- critical: RCE heap buffer overflow vulnerability in NGINX CVE-2026-42945 (#976)
- high: Buffer overflow in ngx_http_dav_module CVE-2026-27654
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-27784
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-32647
- high: NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651
- medium: Injection in auth_http and XCLIENT CVE-2026-28753
- medium: OCSP result bypass in stream CVE-2026-28755
- high: SSL upstream injection CVE-2026-1642
- urllib3 to v2.7.0 to address high vulnerabilities CVE-2026-44431 and CVE-2026-44432
- 🐛 Bug fixes
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
- Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
- When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
- Suricata's HTTP version was not being normalized to network.protocol_version.
- 🧹 Code and project maintenance
- Added Malcolm Dashboard Reference to documentation
- Completely rewrote Upgrading Malcolm in documentation
- Updated links to protocols page in documentation for new Arkime protocol support (thanks @awick)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL
- ✨ Features and enhancements
-
CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring
Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.
Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.
If you are upgrading from an existing Malcolm installation, run
./scripts/statusfor Malcolm to migrate some settings prior to running./scripts/configure,./scripts/start, or other Malcolm control scripts.https://github.com/idaholab/Malcolm/compare/v26.05.0...v26.05.2
- ✨ Features and enhancements
- Improvements to alerting loopback webhook API endpoint (#971) (see also this discussion)
- Add Suricata OT rules for D-Link HNAP abuse detection (#969) (Suricata detection for GHSA-m69q-2cfc-q63c / CVE-2026-8260; thanks @sercanokur)
- Added the File Tree visualization dashboard which presents a hierarchical breakdown of files observed in network traffic, particularly with regards to archived files such as ZIP files or tarballs, allowing parent/child relationships between nested files to be explored. (thanks @sbhiens25)
- ✅ Component version updates
- Filebeat to v9.4.1
- Fluent Bit to v5.0.5
- GitPython to v3.1.50 to address high vulnerabilities CVE-2026-44244, CVE-2026-44243, and CVE-2026-42284
- Logstash to v9.4.1
- NetBox to v4.5.x (#955)
- This is a major NetBox release, up from v4.4.10. It's recommended that you back up your NetBox database before upgrading.
- these NetBox plugins were also updated:
- netbox-initializers to v4.5.1
- netbox-topology-views to v4.5.1
- Device-Type-Library-Import switched to marcinpsk/Device-Type-Library-Import fork
- thanks to @boscard in this discussion for some tips on running NetBox docker on a base path.
- OpenResty to v1.29.2.4, which, in addition to other fixes and changes, addresses the following CVEs
- critical: RCE heap buffer overflow vulnerability in NGINX CVE-2026-42945 (#976)
- high: Buffer overflow in ngx_http_dav_module CVE-2026-27654
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-27784
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-32647
- high: NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651
- medium: Injection in auth_http and XCLIENT CVE-2026-28753
- medium: OCSP result bypass in stream CVE-2026-28755
- high: SSL upstream injection CVE-2026-1642
- urllib3 to v2.7.0 to address high vulnerabilities CVE-2026-44431 and CVE-2026-44432
- 🐛 Bug fixes
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in
filescan's python-statfs (#960 #962) - Added a few missing Suricata fields (
suricata.tc_progress,suricata.ts_progress,suricata.tunnel.pcap_cnt,suricata.tunnel.pkt_src) to the index mapping template - When
suricata.app_proto_tsand/orsuricata.app_proto_tcreported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination ofproto_parse_failed,client_stream_failed, orserver_stream_failedare added totags. - Suricata's HTTP version was not being normalized to
network.protocol_version.
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in
- 🧹 Code and project maintenance
- Added Malcolm Dashboard Reference to documentation
- Completely rewrote Upgrading Malcolm in documentation
- Updated links to protocols page in documentation for new Arkime protocol support (thanks @awick)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (
release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL
- ✨ Features and enhancements
-
CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring
Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.
Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.
If you are upgrading from an existing Malcolm installation, run
./scripts/statusfor Malcolm to migrate some settings prior to running./scripts/configure,./scripts/start, or other Malcolm control scripts.https://github.com/idaholab/Malcolm/compare/v26.05.0...v26.05.2
- ✨ Features and enhancements
- Improvements to alerting loopback webhook API endpoint (#971) (see also this discussion)
- Add Suricata OT rules for D-Link HNAP abuse detection (#969) (Suricata detection for GHSA-m69q-2cfc-q63c / CVE-2026-8260; thanks @sercanokur)
- Added the File Tree visualization dashboard which presents a hierarchical breakdown of files observed in network traffic, particularly with regards to archived files such as ZIP files or tarballs, allowing parent/child relationships between nested files to be explored. (thanks @sbhiens25)
- ✅ Component version updates
- Filebeat to v9.4.1
- Fluent Bit to v5.0.5
- GitPython to v3.1.50 to address high vulnerabilities CVE-2026-44244, CVE-2026-44243, and CVE-2026-42284
- Logstash to v9.4.1
- NetBox to v4.5.x (#955)
- This is a major NetBox release, up from v4.4.10. It's recommended that you back up your NetBox database before upgrading.
- these NetBox plugins were also updated:
- netbox-initializers to v4.5.1
- netbox-topology-views to v4.5.1
- Device-Type-Library-Import switched to marcinpsk/Device-Type-Library-Import fork
- thanks to @boscard in this discussion for some tips on running NetBox docker on a base path.
- OpenResty to v1.29.2.4, which, in addition to other fixes and changes, addresses the following CVEs
- critical: RCE heap buffer overflow vulnerability in NGINX CVE-2026-42945 (#976)
- high: Buffer overflow in ngx_http_dav_module CVE-2026-27654
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-27784
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-32647
- high: NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651
- medium: Injection in auth_http and XCLIENT CVE-2026-28753
- medium: OCSP result bypass in stream CVE-2026-28755
- high: SSL upstream injection CVE-2026-1642
- urllib3 to v2.7.0 to address high vulnerabilities CVE-2026-44431 and CVE-2026-44432
- 🐛 Bug fixes
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in
filescan's python-statfs (#960 #962) - Added a few missing Suricata fields (
suricata.tc_progress,suricata.ts_progress,suricata.tunnel.pcap_cnt,suricata.tunnel.pkt_src) to the index mapping template - When
suricata.app_proto_tsand/orsuricata.app_proto_tcreported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination ofproto_parse_failed,client_stream_failed, orserver_stream_failedare added totags. - Suricata's HTTP version was not being normalized to
network.protocol_version.
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in
- 🧹 Code and project maintenance
- Added Malcolm Dashboard Reference to documentation
- Completely rewrote Upgrading Malcolm in documentation
- Updated links to protocols page in documentation for new Arkime protocol support (thanks @awick)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (
release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL
- ✨ Features and enhancements
-
CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring
Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.
Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.
If you are upgrading from an existing Malcolm installation, run
./scripts/statusfor Malcolm to migrate some settings prior to running./scripts/configure,./scripts/start, or other Malcolm control scripts.https://github.com/idaholab/Malcolm/compare/v26.05.0...v26.05.2
- ✨ Features and enhancements
- Improvements to alerting loopback webhook API endpoint (#971) (see also this discussion)
- Add Suricata OT rules for D-Link HNAP abuse detection (#969) (Suricata detection for GHSA-m69q-2cfc-q63c / CVE-2026-8260; thanks @sercanokur)
- Added the File Tree visualization dashboard which presents a hierarchical breakdown of files observed in network traffic, particularly with regards to archived files such as ZIP files or tarballs, allowing parent/child relationships between nested files to be explored. (thanks @sbhiens25)
- ✅ Component version updates
- Filebeat to v9.4.1
- Fluent Bit to v5.0.5
- GitPython to v3.1.50 to address high vulnerabilities CVE-2026-44244, CVE-2026-44243, and CVE-2026-42284
- Logstash to v9.4.1
- NetBox to v4.5.x (#955)
- This is a major NetBox release, up from v4.4.10. It's recommended that you back up your NetBox database before upgrading.
- these NetBox plugins were also updated:
- netbox-initializers to v4.5.1
- netbox-topology-views to v4.5.1
- Device-Type-Library-Import switched to marcinpsk/Device-Type-Library-Import fork
- thanks to @boscard in this discussion for some tips on running NetBox docker on a base path.
- OpenResty to v1.29.2.4, which, in addition to other fixes and changes, addresses the following CVEs
- critical: RCE heap buffer overflow vulnerability in NGINX CVE-2026-42945 (#976)
- high: Buffer overflow in ngx_http_dav_module CVE-2026-27654
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-27784
- high: Buffer overflow in the ngx_http_mp4_module CVE-2026-32647
- high: NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651
- medium: Injection in auth_http and XCLIENT CVE-2026-28753
- medium: OCSP result bypass in stream CVE-2026-28755
- high: SSL upstream injection CVE-2026-1642
- urllib3 to v2.7.0 to address high vulnerabilities CVE-2026-44431 and CVE-2026-44432
- 🐛 Bug fixes
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in
filescan's python-statfs (#960 #962) - Added a few missing Suricata fields (
suricata.tc_progress,suricata.ts_progress,suricata.tunnel.pcap_cnt,suricata.tunnel.pkt_src) to the index mapping template - When
suricata.app_proto_tsand/orsuricata.app_proto_tcreported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination ofproto_parse_failed,client_stream_failed, orserver_stream_failedare added totags. - Suricata's HTTP version was not being normalized to
network.protocol_version.
- Reference Counting (Use-After-Free) Bug for PyList_SetItem in
- 🧹 Code and project maintenance
- Added Malcolm Dashboard Reference to documentation
- Completely rewrote Upgrading Malcolm in documentation
- Updated links to protocols page in documentation for new Arkime protocol support (thanks @awick)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (
release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL
- ✨ Features and enhancements
-
ASML, Tata Electronics Partner on India’s First 300-mm Fab
Netherlands-based Dutch lithography equipment maker ASML has signed a strategic partnership…
#Netherlands #Nederland #NL #Europe #Europa #EU #ASML #EUVlithography #fabequipment #ICs #semiconductors #wafercapacity #wafermanufacturing
https://www.europesays.com/netherlands/13296/ -
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Pulse ID: 6a0ab6894e0fcb58e1a56bd0
Pulse Link: https://otx.alienvault.com/pulse/6a0ab6894e0fcb58e1a56bd0
Pulse Author: Tr1sa111
Created: 2026-05-18 06:49:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #RCE #bot #Tr1sa111
-
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Pulse ID: 6a0ab6942ce25e7ca5b9ed54
Pulse Link: https://otx.alienvault.com/pulse/6a0ab6942ce25e7ca5b9ed54
Pulse Author: Tr1sa111
Created: 2026-05-18 06:49:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #RCE #bot #Tr1sa111
-
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Pulse ID: 6a0ab698394234e08ec70977
Pulse Link: https://otx.alienvault.com/pulse/6a0ab698394234e08ec70977
Pulse Author: Tr1sa111
Created: 2026-05-18 06:50:00
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #RCE #bot #Tr1sa111
-
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
This analysis examines new obfuscation techniques employed by Gremlin stealer malware to conceal malicious payloads within embedded resources. A variant protected by sophisticated commercial packing utility uses instruction virtualization, transforming code into custom bytecode executed by a private virtual machine. The malware siphons sensitive information including payment card details, browser cookies, session tokens, cryptocurrency wallet data, and FTP/VPN credentials from compromised systems. It exfiltrates data to attacker-controlled servers at hxxp[:]194.87.92[.]109 for potential publication or sale. Recent iterations incorporate expanded Discord token extraction, active financial fraud through crypto clipper functionality that replaces cryptocurrency wallet addresses in real-time, and WebSocket-based session hijacking to bypass modern cookie protections. The malware employs advanced anti-analysis techniques including XOR-encoded payloads in .NET resource sections, identifier renaming, string encryp...
Pulse ID: 6a073a73501adf1f890b1a5e
Pulse Link: https://otx.alienvault.com/pulse/6a073a73501adf1f890b1a5e
Pulse Author: AlienVault
Created: 2026-05-15 15:23:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Discord #FinancialFraud #ICS #InfoSec #Mac #Malware #NET #OTX #OpenThreatExchange #RAT #RCE #Troll #VPN #bot #cryptocurrency #AlienVault
-
📰 Industrial Sector Most Targeted by Ransomware, NCC Group Report Warns
A new NCC Group report reveals the industrial sector is the #1 target for ransomware, suffering 2,073 attacks in one year. The convergence of IT and OT is creating a perfect storm of risk for critical infrastructure. 🏭⚠️ #OTsecurity #ICS #Ransomware
🌐 cyber[.]netsecops[.]io
-
Thus Spoke…The Gentlemen
On May 4th, 2026, The Gentlemen RaaS administrator acknowledged that an internal backend database called Rocket had been leaked, exposing nine accounts including zeta88, the program's effective administrator. The leak revealed internal discussions detailing initial access methods through Fortinet and Cisco edge appliances, NTLM relay, and credential logs, along with the group's role divisions and toolsets. Evidence shows evaluation of CVEs including CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. Leaked ransom negotiations showed a successful payment of 190,000 USD. The group reused stolen data from a UK software consultancy to attack a Turkish company, employing dual-pressure tactics during negotiations. Analysis of ransomware samples identified eight distinct affiliate TOX IDs, indicating the administrator actively participates in infections alongside managing the RaaS program.
Pulse ID: 6a04aad1cd2da41f0087f85d
Pulse Link: https://otx.alienvault.com/pulse/6a04aad1cd2da41f0087f85d
Pulse Author: AlienVault
Created: 2026-05-13 16:46:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #Edge #ICS #InfoSec #LUA #OTX #OpenThreatExchange #RAT #RaaS #RansomWare #Turkish #UK #bot #AlienVault
-
Europe’s Photonics Push Runs Through Spain- EE Times
Europe has spent decades building world-class photonics research.…
#Spain #ES #Europe #Europa #EU #AIinfrastructure #Co-PackagedOptics #datacenters #EUchipsact #ICs #Optics&Photonics #Semiconductors #SovereignAI #Startups
https://www.europesays.com/spain/22533/ -
Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign
Pulse ID: 6a0408708f3b49cc2cf1627a
Pulse Link: https://otx.alienvault.com/pulse/6a0408708f3b49cc2cf1627a
Pulse Author: Tr1sa111
Created: 2026-05-13 05:13:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ICS #InfoSec #Iran #Korea #OTX #OpenThreatExchange #bot #Tr1sa111
-