Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
19 résultats taggé gang  ✕
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists/
05/05/2025 18:28:30
QRCode
archive.org
thumbnail

DragonForce ransomware group is targeting major UK retailers. Learn about this evolving threat and what steps can be taken to mitigate risk.
In recent weeks, the DragonForce ransomware group has been targeting UK retailers in a series of coordinated attacks causing major service disruptions. Prominent retailers such as Harrods, Marks and Spencer, and the Co-Op have all reported ongoing incidents affecting payment systems, inventory, payroll and other critical business functions.

DragonForce has previously been attributed for a number of notable cyber incidents including attacks on Honolulu OTS (Oahu Transit Services), the Government of Palau, Coca-Cola (Singapore), the Ohio State Lottery, and Yakult Australia.

In this post, we offer a high-level overview of the DragonForce group, discuss its targeting, initial access methods, and payloads. We further provide a comprehensive list of indicators and defensive recommendations to help security teams and threat hunters better protect their organizations.

Background
DragonForce ransomware operations emerged in August 2023, primarily out of Malaysia (DragonForce Malaysia). The group originally positioned itself as a Pro-Palestine hacktivist-style operation; however, over time their goals have shifted and expanded.

The modern-day operation is focused on financial gain and extortion although the operation still targets government entities, making it something of a hybrid actor, both politically aligned and profit-motivated. The group operates a multi-extortion model, with victims threatened with data leakage via the group’s data leak sites, alongside reputational damage.

Recent DragonForce victims have included government institutions, commercial enterprises, and organizations aligned with specific political causes. The group is also known to heavily target law firms and medical practices. Notably, the group has targeted numerous entities in Israel, India, Saudi Arabia, and more recently several retail outlets in the United Kingdom.

Some components of the UK retail attacks have been attributed to an individual affiliated with the loose threat actor collective ‘The Com’, with claims that members are leveraging DragonForce ransomware. Our assessment indicates that the affiliate in question exhibits behavioral and operational characteristics consistent with those previously associated with The Com. However, due to the lack of strong technical evidence and shifting boundaries of The Com, that attribution remains inconclusive and subject to further analysis.

sentinelone EN 2025 DragonForce Ransomware Gang analysis
Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock https://www.reliaquest.com/blog/threat-spotlight-inside-the-worlds-fastest-rising-ransomware-operator-blacklock/
19/02/2025 22:02:23
QRCode
archive.org
thumbnail

First observed in March 2024, “BlackLock” (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tactic—encrypting data while stealing sensitive information—to pressure victims with the threat of public exposure. Its ransomware is built to target Windows, VMWare ESXi, and Linux environments, though the Linux variant offers fewer features than its Windows counterpart.

reliaquest EN 2025 BlackLock Eldorado RaaS analysis ransomware gang
How a cybersecurity researcher befriended, then doxed, the leader of LockBit https://techcrunch.com/2024/08/09/how-a-cybersecurity-researcher-befriended-then-doxed-the-leader-of-lockbit-ransomware-gang/
12/08/2024 06:42:03
QRCode
archive.org
thumbnail

Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.

techcrunch en 2024 LockBit JonDiMaggio doxing ransomware gang infiltration
Comment une nébuleuse, "The Comm", a engendré l’un des gangs les plus craints du moment, Scattered Spider https://www.usine-digitale.fr/article/comment-une-nebuleuse-the-comm-a-engendre-l-un-des-gangs-les-plus-craints-du-moment-scattered-spider.N2214764
19/06/2024 08:54:13
QRCode
archive.org
thumbnail

Enfin une bonne nouvelle à propos de Scattered Spider, ce gang de cybercriminels actif depuis le printemps 2022 ? La presse espagnole vient d’annoncer l’arrestation d’un Anglais présenté comme l’un des leaders de ce groupe informel de pirates informatiques. Le jeune homme de 22 ans s'apprêtait à s’envoler vers l’Italie quand il a été arrêté à Palma de Majorque, dans l’archipel des Baléares.

usine-digitale FR 2024 Scattered-Spider Lapsus$ ALPHV/BlackCat alliance gang The-Comm
Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses https://therecord.media/muliaka-ransomware-group-targeting-russian-businesses-conti?_hsenc=p2ANqtz-9_rrl-EsQRNWUkdDZu1p2oi9e3Mqew71pyTwU0pADQzCehJF9X5V-RjlZF5ymYmmVzPfkMwgQN-m7H6symSoAxW0gbow&_hsmi=302381143
13/04/2024 09:55:08
QRCode
archive.org
thumbnail

A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group.

The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka," or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at least December 2023.

therecord EN 2024 Muliaka ransomware gang Russia
Romania-linked ‘Rubycarp’ hackers look for cryptomining, phishing DDoS opportunities https://therecord.media/romania-linked-rubycarp-cryptomining-phishing?_hsenc=p2ANqtz-9HLeh2NKX9YD8v6Rfw_YGWT9zf3p7rORXktQ5wNPQyt1AHa2bq5Pj7rmBv1zUT1d8_YLC4QKFG2VDEEKJoZQrzHzqjfA&_hsmi=302087305
11/04/2024 09:08:18
QRCode
archive.org
thumbnail

Rubycarp has been in operation for at least a decade, and its campaigns appear to overlap with other cybercrime groups, according to researchers at Sysdig.

therecord EN 2024 Rubycarp gang Romania DDoS cryptomining
NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate https://www.databreaches.net/noescape-gang-continues-to-use-ddos-to-pressure-reluctant-victims-to-negotiate/
19/11/2023 13:51:01
QRCode
archive.org

Over on SuspectFile, Marco A. De Felice reports that the NoEscape ransomware gang is threatening to release 1.5 TB of data from PruittHealth Network. De Felice...

databreaches.net EN 2023 gang NoEscape DDoS
Ukrainian activists hack Trigona ransomware gang, wipe servers https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers/
19/10/2023 20:10:09
QRCode
archive.org
thumbnail

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.

bleepingcomputer EN 2023 Ukrainian-Cyber-Alliance Trigona ransomware gang hacked
Unmasking the Darkrace Ransomware Gang https://blog.cyble.com/2023/06/08/unmasking-the-darkrace-ransomware-gang/
08/06/2023 14:14:32
QRCode
archive.org
thumbnail

Cyble analyses Darkrace Ransomware, a new ransomware group shares similarities with infamous LockBit Ransomware.

cyble 2023 EN Darkrace Ransomware Gang
Shining Light on Dark Power: Yet Another Ransomware Gang https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
25/03/2023 21:11:57
QRCode
archive.org
thumbnail

Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.

trellix EN 2023 DarkPower ransomware gang research
Gang leaks Lehigh Valley Health Network cancer patient photos as part of data hack https://www.lehighvalleylive.com/business/2023/03/gang-leaks-lehigh-valley-health-network-cancer-patient-photos-as-part-of-data-hack.html
08/03/2023 22:30:34
QRCode
archive.org
thumbnail

A ransomware gang has posted photos of Lehigh Valley Health Network cancer patients on the dark web after the health network refused to pay a ransom last month following a cyberattack.

lehighvalleylive EN 2023 Health patient hospital photos ransomware gang ALPHV BlackCat
Ransomware gang gives decryptor to Toronto’s SickKids Hospital https://www.itworldcanada.com/article/breaking-news-ransomware-gang-gives-decryptor-to-torontos-sickkids-hospital/519841
01/01/2023 22:31:11
QRCode
archive.org
thumbnail

In a New Year's Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto's Hospital for Sick Children and sent a free decryptor so files can be unscrambled. According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of an affiliate and violated their rules.

itworldcanada EN 2023 canada Hospital LockBit ransomware gang affiliate regret
#StopRansomware: Daixin Team https://www.cisa.gov/uscert/ncas/alerts/aa22-294a
24/10/2022 21:52:46
QRCode
archive.org

Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts.

cisa EN 2022 US uscert csirt cert threat ransomware #StopRansomware alert Daixin-Team gang health
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
24/10/2022 07:02:48
QRCode
archive.org
thumbnail

Two new extortion gangs named 'TommyLeaks' and 'SchoolBoys' are targeting companies worldwide. However, there is a catch — they are both the same ransomware gang.

bleepingcomputer EN 2022 TommyLeaks SchoolBoys ransomware extortion gang
Cyberattaques: «Il s'agit davantage de terrorisme que de crime organisé» https://www.letemps.ch/economie/cyberattaques-sagit-davantage-terrorisme-crime-organise
02/06/2022 19:32:06
QRCode
archive.org
thumbnail

Les autorités russes vont relâcher les membres du gang de cybercriminels Revil, et même les embaucher pour leur propre compte. Stéphane Duguin, directeur du CyberPeace Institute de Genève, commente ce rebondissement

letemps FR 2022 Revil cyberwar Russie gang crime-organisé cybercriminels
Lapsus$: Two UK teenagers charged with hacking for gang https://www.bbc.com/news/technology-60953527
02/04/2022 11:51:11
QRCode
archive.org
thumbnail

The actions of the relatively new group have led to an international police hunt.

bbc Lapsus$ teenagers gang EN 2022 arrest police UK
Ukrainian Researcher Leaks Conti Ransomware Gang Data https://www.bankinfosecurity.com/ukrainian-researcher-leaks-conti-ransomware-gang-data-a-18620
01/03/2022 08:49:19
QRCode
archive.org
thumbnail

A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the

Ukraine bankinfosecurity Conti ransomware dataleak EN 2022 gang chat logs
Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict https://www.zdnet.com/article/anonymous-hacktivists-ransomware-groups-get-involved-in-ukraine-russia-conflict/
26/02/2022 11:23:41
QRCode
archive.org
thumbnail

Experts expressed concerns about the influx of non-government cyber groups taking sides in the Russian invasion of Ukraine.

zdnet EN 2022 Conti announce cyberwar Russia gang criminals
Conti ransomware group announces support of Russia, threatens retaliatory attacks https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/
26/02/2022 11:09:44
QRCode
archive.org
thumbnail

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

cyberscoop Conti attribution intelligence Russia gang EN 2022 announce
4259 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio