Tag: nation state actors
81 articles

CISA Mandates Patching of Exploited Oracle Flaw by Saturday
Federal cyber authorities are sounding the alarm: a high-risk flaw in Oracle E-Business Suite, already being exploited by hackers, must be patched by Saturday to prevent takeover of vulnerable systems. Over 1,000 Internet-exposed instances are at risk, with more than half located in the United States.

Dutch Police Disrupts €100 Million Investment Fraud Ring
Dutch police have cracked down on a massive €100 million investment fraud ring, arresting multiple suspects, including a 46-year-old Israeli-Polish national with a notorious hacking past. The international sweep resulted in detentions across Cyprus, Greece, and Belgium, with authorities vowing to bring the alleged perpetrators to justice.

UK Authorities Charge Five in Russian Coms Fraud Crackdown
In a major crackdown on Russian Coms Fraud, UK authorities have charged five individuals linked to a notorious platform that enabled scammers to hide their identities and swindle victims by impersonating trusted institutions. The platform, shut down in 2024, had been facilitating these deceitful calls since 2020.

Armenian National Pleads Guilty to Ryuk Ransomware Conspiracy
Karen Serobovich Vardanyan, an Armenian national, has pleaded guilty to conspiracy charges for his role in a massive Ryuk ransomware scheme that raked in over $15 million in ransom payments from US-based organizations. The guilty plea marks a major win in the fight against cybercrime, as Vardanyan admitted to his part in the global extortion plot.

Ryuk Ransomware Operative Pleads Guilty, Faces 15-Year Sentence
A 34-year-old Armenian man, Karen Serobovich Vardanyan, has pleaded guilty to masterminding a brazen ransomware scheme that raked in around $15 million by infiltrating hundreds of computer networks and deploying Ryuk ransomware. Vardanyan's guilty plea comes after his extradition from Ukraine, where he was arrested in April 2025.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks
Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Ransomware Negotiator Sentenced for Aiding BlackCat Extortions
A ransomware negotiator turned double agent, Angelo Martino, has been sentenced to 70 months in prison for betraying his clients and working with BlackCat to drive up ransoms for personal gain. Martino's shocking deceit involved selling out his clients' confidential negotiating positions to the very cybercriminals he was hired to thwart.

Accenture Breach Exposes Source Code, Heightens Supply Chain Risk
Accenture's recent data breach, where 35GB of sensitive data including source code was stolen, shines a spotlight on the hidden risks of working with major consulting and services firms. As a trusted partner to businesses and governments worldwide, Accenture's breach heightens concerns about supply chain vulnerabilities.

Ransomware Gang Exploits Supply Chain Attacks in New Partnership
Ransomware gangs are now operating like businesses, forming partnerships to supercharge their attacks - and a new alliance between Vect and TeamPCP is a prime example, combining massive credential theft with devastating ransomware-as-a-service operations. This unprecedented pairing puts organizations directly in the crosshairs.

US Extradites Alleged Scattered Spider Member
In a major cybercrime crackdown, US authorities have extradited a 19-year-old suspect, Peter Stokes, for allegedly being part of the notorious Scattered Spider gang that has wreaked havoc on US companies, extorting employees and causing millions in losses. Stokes, a dual US-Estonian citizen, was arrested in Finland with incriminating evidence and is now in federal custody awaiting cybercrime charges.

FortiBleed exposes link between ransomware gangs
A major breakthrough in the fight against ransomware has been uncovered, revealing a direct link between ransomware gangs and the recent FortiBleed attack. Researchers have found a single operator working with multiple ransomware groups, using infrastructure tied to FortiBleed.

Ousaban Trojan Targets Iberian Bank Users with Sophisticated PDF Lures
Meet the Ousaban Trojan, a sneaky malware targeting banking customers in Spain and Portugal with clever PDF tricks. This sophisticated threat steals logins, hijacks sessions, and even takes remote control of infected computers.

RustDuck Botnet Evolves with Rust Rewrite to Evade Detection
Meet RustDuck, a sneaky botnet that's been evolving to evade detection since February 2026, tracked by researchers at QiAnXin's XLab. It gains a foothold by exploiting weak passwords, unpatched vulnerabilities, and targeting specific web software.

Ransomware Groups Adopt Corporate Structure to Extort Victims
Meet Black Basta, a ransomware group that operated like a corporate powerhouse, launching attacks on 520 victims across 39 industries and raking in at least $107 million in bitcoin payments. With a structured team, set schedules, and outsourced tasks, this syndicate's business model was surprisingly sophisticated.

Huntress Insider Leak Exposes Potential Security Breach
A shocking security breach at Huntress has come to light, with a former analyst claiming that a colleague may have compromised the company's integrity by passing sensitive law enforcement communications to a notorious cybercriminal. The explosive allegations have left many questions unanswered about the breach and its potential impact.

Authorities dismantle Evil Corp's SocGholish botnet infrastructure
In a major win for cybersecurity, international authorities have joined forces to dismantle the notorious SocGholish botnet infrastructure, a multi-stage malware kit that had been exploited for ransomware campaigns and espionage since 2017. This coordinated effort has successfully disabled the malware's control points and seized related infrastructure.

INC Ransomware Targets 830+ Victims, Expands as Major RaaS Threat
The INC ransomware group has rapidly grown into a major threat, claiming over 830 victims since August 2023, with US organizations making up more than 65% of those affected. Sectors such as legal services, manufacturing, and healthcare are among the most targeted, as INC expands its reach as a prominent Ransomware as a Service (RaaS) operation.

Hackers Exploit Tailscale for Persistent Access After C2 Takedown
Meet Poisson, a French-speaking hacker who left a digital trail of 339 commands over 33 days, revealing a clever exploit that allowed them to maintain persistent access to a small French automotive business even after a C2 takedown. The intruder's step-by-step playbook was surprisingly left in an open storage bucket, giving Cato Networks researchers a glimpse into their tactics.

ShinyHunters Breach Council of Europe in Oracle PeopleSoft Heist
The Council of Europe has fallen victim to a massive data breach, with hackers claiming to have stolen a whopping 297 GB of sensitive information, including HR records, payslips, and medical data, by exploiting a zero-day flaw in Oracle PeopleSoft. The ShinyHunters extortion group is behind the breach, boasting a haul of 429,000 files from the attack.

Anubis Ransomware Targets Adriatic Port, Exposes Maritime Security Gaps
A ransomware attack by the Anubis group on the Adriatic Port Authority exposed significant gaps in maritime security, putting sensitive employee records and critical infrastructure at risk. The breach, which occurred on December 11, 2025, resulted in the loss of around 2% of the authority's data, with some information making its way to the dark web.

FBI Disrupts AI-Powered Phishing Service with 1 Million URLs
In a major win for cyber safety, the FBI, Google, and Black Lotus Labs joined forces to dismantle Outsider Enterprise, a notorious phishing-as-a-service operation based in China that had been spreading fake text campaigns through 1 million URLs. This coordinated takedown seized key servers and accounts used by the threat actors.

Conti Ransomware Member Pleads Guilty to Cybercrimes
A longtime member of the notorious Conti ransomware group has pleaded guilty to cybercrimes in federal court, marking a major win for justice after the defendant's attacks caused millions of dollars in damage to people and businesses worldwide. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, admitted to developing malware and participating in Conti's ransomware campaign.

Google Disrupts Chinese Smishing Network Tied to AI-Generated Phishing Attacks
Google just took down a massive Chinese smishing network that used AI-generated phishing pages to scam millions of mobile users, and is now suing to dismantle the operation for good. The tech giant is teaming up with major carriers like AT&T, T-Mobile, and Verizon to block the fraudulent texts and shut down the Phishing-as-a-Service business.

Ukrainian Hacker Pleads Guilty in Conti Ransomware Case
Meet Oleksii Lytvynenko, a Ukrainian hacker who just pleaded guilty to his role in the notorious Conti ransomware case, which targeted over 1,000 victims worldwide and raked in a staggering $150 million in ransom payments. He's now facing up to 20 years in prison for his involvement.