#lockbit — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #lockbit, aggregated by home.social.
-
Data Extortion Groups Intensify Pressure On Global Aerospace Supply Chains
Cyber threats targeting the global aviation and aerospace sector are rapidly evolving, with ransomware, identity-based intrusions, and platform-level disruptions becoming dominant attack vectors. The interconnected nature of this ecosystem, combined with time-sensitive operations and complex third-party dependencies, makes it highly attractive to threat actors. Shared airport IT platforms represent critical single points of failure, as demonstrated by the September 2025 ransomware attack on Collins Aerospace MUSE system that disrupted major European airports including Heathrow, Brussels, Berlin, and Dublin. Major ransomware groups like LockBit and Cl0p maintain heavy focus on aviation suppliers, while advanced persistent threat groups including Refined Kitten, Wicked Panda, and Fancy Bear conduct strategic espionage targeting intellectual property, aircraft design data, and military aviation intelligence. Emerging threats include vulnerabilities in regional airports, aviation SaaS platforms, and satellite ...
Pulse ID: 69fb173ad966425db9cad018
Pulse Link: https://otx.alienvault.com/pulse/69fb173ad966425db9cad018
Pulse Author: AlienVault
Created: 2026-05-06 10:26:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cl0p #CyberSecurity #Espionage #Europe #Extortion #InfoSec #LockBit #Military #OTX #OpenThreatExchange #RAT #RansomWare #SupplyChain #bot #AlienVault
-
LockBit 5.0 Escalating: From the Bank of Latin American Central Banks to European Logistics Firms
LockBit 5.0 (ChuongDong) strikes again in April 2026: victims include Bladex, the bank of Latin American central banks, and German logistics companies. Technical analysis of the new cross-platform payload with differential encryption, ETW patching and fileless persistence. -
Uptick in Bomgar RMM Exploitation
Since early April 2026, security researchers have observed a significant increase in attacks targeting Bomgar remote monitoring and management instances, exploiting CVE-2026-1731, a critical vulnerability disclosed in February. Threat actors have compromised Bomgar RMM to target downstream customers of MSPs and other service providers, affecting over 78 businesses in one incident alone. Attackers deploy LockBit ransomware, create privileged administrator accounts for persistence, install additional remote access tools like AnyDesk and ScreenConnect, and conduct domain reconnaissance. Some incidents involved attempts to disable security tools using BYOVD techniques. The attacks primarily target organizations running outdated Bomgar versions vulnerable to remote code execution, with compromised instances belonging to dental software companies and MSPs enabling widespread impact across their customer bases.
Pulse ID: 69e2bfe152d44136b3c83ec3
Pulse Link: https://otx.alienvault.com/pulse/69e2bfe152d44136b3c83ec3
Pulse Author: AlienVault
Created: 2026-04-17 23:18:57
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AnyDesk #CyberSecurity #InfoSec #LockBit #OTX #OpenThreatExchange #RAT #RansomWare #RemoteCodeExecution #ScreenConnect #Vulnerability #bot #AlienVault
-
School digitalization (#Schuldigitalisierung) without #Cybersecurity: At the end of January 2025, an offshoot of the #Lockbit #Ransomware attacked the Rhineland-Palatinate IT service provider Topackt and encrypted 45 servers. More than two terabytes of highly sensitive school data from more than 40 schools ultimately ended up on the #Darknet.
Schools and municipal institutions are still largely left to fend for themselves by the federal states when it comes to digital resilience (#Resilienz) - but are expected to digitalize massively:
-
Thanks to samples provided by @pinkflawd you can now look at the beauty of #Lockbit's obfuscated control-flow via @cfgbot by @tmr232
RE: https://mastodon.social/@cfgbot/116202847162981925 -
🇨🇱 LockBit 5.0 has now published all the information from Clínica Dávila (http://davila.cl). Remember that this medical institution was attacked by the Devman ransomware back in December last year. It appears that Devman sold a portion of the data to LockBit.
Now the question that arises: Has Clínica Dávila individually notified each patient about the attack it suffered from Devman back in December last year?
https://www.security-chu.com/2026/03/lockbit-filtra-los-datos-de-la-clinica-davila.html
#cybersecurity #ransomware #Chile #databreach #health #healthcare #lockbit #devman #research
-
Cyber-bandits don't wait for cheesecake over the holidays. Another Polish company a ransomware victim?
Just yesterday we reported on another potential attack by the Safepay group, and today we have already received information about the Lockbit 5.0 group and a probable attack on a Polish company – Mosty Katowice Sp. z o.o. The company is a well-known leader in the design and engineering sector in Poland, operating mainly in infrastructure construction and services...
-
LockBit 5.0 – new infrastructure, a publicly accessible list of hacked companies, and the group's OPSEC in question
Not long ago on Sekurak we wrote about the alliance of the LockBit, DragonForce and Qilin groups and the reactivation of Lockbit 5.0 with advanced, multi-platform malware that uses, among other things, strong encryption. According to the assessment of researchers at Trend Micro, Lockbit's return poses a real threat and may result in an increased frequency of attacks, which we have had the opportunity to see for ourselves...
-
OFAC + U.K. + Australia sanction Media Land LLC for providing bulletproof hosting to LockBit, BlackSuit, Play, Evil Corp & Black Basta.
Volosovik (Yalishanda), Zatolokin & Pankova named, along with ML Cloud, MLT & DC Kirishi.
Follow @technadu for continuous threat intel.
#CybersecurityNews #Ransomware #LockBit #ThreatIntel -
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp https://hackread.com/uk-bulletproof-hosting-operator-lockbit-evil-corp/ #Cybersecurity #Bulletproof #CyberCrime #Ransomware #EvilCorp #FiveEyes #Hosting #LockBit #Russia #NCA
-
NEW - 🚨 The UK National Crime Agency (#NCA) has exposed and sanctioned Alexander Volosovik, aka “Yalishanda,” for running Russian bulletproof hosting operations linked to LockBit, Evil Corp and BlackBasta ransomware.
Read: https://hackread.com/uk-bulletproof-hosting-operator-lockbit-evil-corp/
-
"- 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.
- 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure.
- 14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns.
- LockBit's reappearance with version 5.0 signals potential re-centralization after months of fragmentation."
https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
-
According to an analysis by Check Point Research, the third quarter of 2025 shows the most decentralized ransomware ecosystem to date. The investigation is said to have found 85 active ransomware and extortion groups as well as 1,590 victims who were made public via 85 leak sites. And: LockBit is back with version 5.0, from which a new trend toward centralization could be derived.
https://maniabel.work/archiv/232
#Ransomware #Lockbit #infosec #infosecnews #BeDiS -
Imagine someone selling hacked access like real estate—unwitting gateways to ransomware attacks worth millions. The Volkov case lifts the veil on this shadowy cyber trade. Curious how it all unfolds?
#initialaccessbroker
#ransomware
#cybercrime
#volkovcase
#yanluowang
#lockbit
#cryptocurrency
#cybersecuritytrends
#lawenforcement -
Protection against ransomware. How do attacks happen and what should you do?
Over the past year, even people with no connection to information security or IT administration have learned about hacker attacks in which data is destroyed or encrypted. In theory, a mass ransomware attack could temporarily paralyze important infrastructure: halt transport and leave shops, pharmacies and filling stations unable to serve customers. Although such a picture seems exaggerated, it is entirely possible, especially against the backdrop of recent events and incidents. In this article we describe the scale of the threat and how organizations can counter ransomware attacks. Drawing on real investigations, we share not only technical details but also practical recommendations that will help reduce risks and respond to an incident in time.
https://habr.com/ru/companies/jetinfosystems/articles/962282/
#кибербезопасность #ransomware #иб #информационная_безопасность #cybersecurity #расследование_инцидентов #soc #phishing #фишинг #lockbit
-
#CheckPoint Research identified #LockBit rapid resurgence after its disruption in 2024, with a dozen organizations hit in September 2025, half by the new LockBit 5.0 (“ChuongDong”) variant. The group is deploying attacks across #Windows, #Linux, and #ESXi environments in Europe, the Americas, and Asia. LockBit 5.0 adds multi-platform builds, stronger anti-analysis, faster encryption, and more.
https://blog.checkpoint.com/research/lockbit-returns-and-it-already-has-victims/
-
LockBit Returns — and It Already Has Victims
#LockBit
https://blog.checkpoint.com/research/lockbit-returns-and-it-already-has-victims/ -
I like my individualized mail addresses. I just received a phishing mail to update my data with a Swiss payment system (TWINT) - but it was sent to an address I created for a doctor's appointment system (Onedoc).
The message also contains my postal address from the time I created that account. -
Another criminal alliance. The LockBit, DragonForce and Qilin groups join forces
Not long ago we wrote about the alliance of three cybercriminal groups operating under the name Scattered Lapsus$ Hunters, and already another threat is appearing on the horizon – the return of the LockBit group, this time in cooperation with DragonForce and Qilin. LockBit made headlines in 2024, when, as part of the international Operation Cronos, it was possible...
#WBiegu #Awareness #Dragonforce #Lockbit #Qilin #Ransomware #Sojusz
https://sekurak.pl/kolejny-sojusz-przestepczy-grupy-lockbit-dragonforce-i-qilin-lacza-sily/
-
🚨 Velociraptor DFIR exploited in LockBit ransomware attacks.
Huntress and Cisco Talos link Storm-2603 to a new campaign abusing outdated Velociraptor builds for privilege escalation, lateral movement, and ransomware deployment.
The crew reportedly used SharePoint exploits (ToolShell) and domain admin creation before dropping LockBit, Warlock, and Babuk payloads.
💬 Are open-source DFIR tools the next frontier for living-off-the-land tactics?
Follow @technadu for more cutting-edge cyber threat intelligence.
#CyberSecurity #DFIR #Velociraptor #Ransomware #LockBit #Warlock #Babuk #ThreatIntel #Storm2603 #Infosec #IncidentResponse #ThreatHunting #TechNadu #CyberAwareness
-
You might have heard about the #LockBit attack with #ransomware intrusion that succeeded without any advanced exploits or zero-day vulnerabilities. It used a stolen AnyDesk installer, credential reuse, and renamed PowerShell scripts that blended into routine activity. 😱 It's a good reminder of how fast common techniques can escalate into catastrophic outcomes. You can't afford to wait for encryption to begin. It's important to spot early signals, enrich context, and correlate activity into something actionable before ransomware takes hold.
We recommend three immediate actions for defenders looking to strengthen ransomware detection and response:
1️⃣ Secure remote access
2️⃣ Monitor PowerShell execution
3️⃣ Correlate activity early
Learn how you can capture log data, plus see how an intrusion has started, how an intrusion is spreading, and how to stop it before it ends in encryption. 👀 🙌 With a focus on visibility, correlation, and context, security teams can gain the clarity needed to respond decisively.
Learn more: https://graylog.org/post/how-graylog-helps-you-spot-lockbit-style-attacks-sooner/ #cybersecurity #SIEM
-
They’re turning the tables—hackers are hijacking Velociraptor (a tool meant to catch them) to launch sneaky ransomware and double-extortion attacks. Just when you thought defenders had it all figured out, the game has changed.
https://thedefendopsdiaries.com/attackers-weaponize-velociraptor-dfir-tool-in-ransomware-campaigns/
#velociraptor
#ransomware
#dfir
#cve20256264
#cybersecurity
#threatactors
#doubleextortion
#infosec
#lockbit
#babuk -