Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Alessio Stefan

Xi Jinping and the Chinese APT’s Ambition

The post-COVID macro-political movements, including ongoing conflicts, have prompted a majority of states to shift their medium- to long-term political objectives. A paradigm shift has clearly taken place in the defence sector, with Europe attempting to redirect some of its member states’ resources, and the United States increasingly adopting a highly protectionist economic stance, using tariffs as a means of reducing trade deficits with key countries, including China. INTRO – The Silence of the Dragons The recent decisions taken by POTUS Donald Trump regarding the Chinese economic entity are nothing more than the continuation of decisions taken in the first

Paragon Spyware – Let’s talk about privacy and governments

Politics, information technology, and privacy. A triad continually seeking balance, with a history of conflict that originates from the introduction of personal computers at the consumer level. Attempts by the U.S. government at preventing access to “strong enough” cryptography for foreign nationals and states were numerous from 1990 onward. Dubbed the “Crypto Wars,” such attempts were aimed at keeping cryptography at an acceptable level to warrant potential decryption by government agencies for public security reasons. Out of this context came the Pretty Good Privacy (PGP) software that allowed authentication and private communications. The use of PGP was widely adopted by a large segment

The Story Of Conti Ransomware – The Last Ceremony (Final Episode)

This is the last episode of “The Story Of Conti Ransomware” series, in which we finally reach the decline of the group and what this means for the current ransomware landscape. In the previous article we covered operations carried out by law enforcement (mainly the FBI) and by some vigilantes who didn’t like Conti’s political positions. Conti is not dead, it’s still living. The Moon – Dostoevsky’s De(a)mons The Conti leak showed the world how “normal” a RaaS group of this size could be, with the same organization as a “legit” company. But there is a message which we didn’t analyze in

FBI responds to threats and announcement of LockBit 4.0

In the last month of 2024, LockBit has been extensively talked about. The prominent news is the long-awaited release of the 4.0 program of the most famous RaaS in the scene. After the entire Operation Cronos series, which does not seem to be over yet, LockBit has been put to the test by an unprecedented digital crime-fighting operation executed by an international task force. In this article we will expand on the very latest updates, trying to take stock and comment on these early (partial) conclusions of a real war of attrition that will impact the future of digital security and crime. For those

The Story Of Conti Ransomware – The War Within (Episode 2)

This is a continuation of the Conti story. You can read the previous part, which covered the group’s origins, in the previous article. We will now explore the internal components of the group and how their own ecosystem began to collapse. Wizard Spider is still full of surprises, and in this episode we will unravel the most prohibited ones. The Fool – Trick or Treat Mid-2021, Conti is dominating the headlines with consistent attacks and gaining ransoms from victims. The RaaS operation has been a big deal in the ecosystem, attracting the attention of everyone involved, including victims, affiliates, and law enforcement

Herm1t Interview – From VX Heaven to the war gates!

This is the story of Herm1t, founder of VX-Heaven, hacker – currently active in protecting Ukraine since 2014 – and founder of RUH8 in fall 2015, told by means of an interview that sought to focus on his history, values and goals, while also trying to understand which elements most distinguish the ongoing cyber war between Russia and Ukraine. In our interview with Smelly, founder of VX-Underground, we explored a world committed to openly sharing as much malware-related data as possible. By amassing samples, papers, and articles into a centralised library, VX-Underground builds upon the legacy of VX-Heaven,

The Story Of Conti Ransomware – Origins and Evolution of the RaaS Model (Episode 1)

Ransomware: malware designed to encrypt data so that it can be restored only with the use of a private key. Relatively simple math is all that threat actors out there need to disrupt networks around the globe; once locked out, you can get your plaintext data back in just one way: crypto payment. The first ransomware ever discovered was made by Joseph L. Popp Jr. with his malware called AIDS. Isolated in 1989, the program was stored on a floppy disk labelled “AIDS Information Introductory”, mailed to 20,000 attendees of a WHO conference in Stockholm. Once opened the C:

Donald Trump’s campaign under attack! Documents and internal communications exfiltrated

After the European elections unfolded, geopolitical attention shifted to the U.S. election campaign, one of the most dynamic in recent years, with the Democrats’ recent changeover to Harris as the new nominee. There has been no shortage of controversy: Elon Musk has taken a sharp stance by releasing AI videos against candidate Harris, record fundraising for the Democrats’ campaign, and Trump injured by a gunshot during a rally. The latter has also been a major player within digital crime circles; some readers will recall the (alleged) attack on Fulton County by LockBit. LockBitSupp claimed to be in possession

NSO Group targeted! BlackMeta attacks Spyware maker’s central domain

The pro-Palestinian group BlackMeta (or DarkMeta) announced on August 1, 2024, on their official Telegram channel that they had conducted a destructive attack on the NSO Group’s infrastructure, including the central domain. Along with the site of the Israeli intelligence group, the Europol site also suffered the same treatment by undergoing a strong DDoS attack. On August 3, BlackMeta updated the status of the attack by stating that both sites had remained unreachable for at least 24 hours. The group also commented on the emergency mitigation measures initiated by Europol, bragging about their failure in the face of the attacks.

The Hackers Choice – 30 years of hacking without trying to get rich!

Imagine a time before firewalls and ubiquitous encryption, when the digital frontier was wide open for exploration. Hackers weren’t criminals, they were pioneers, fueled by an insatiable thirst for knowledge: unraveling the secrets of communication networks like GSM, pushing the boundaries of computer technology. These weren’t just technical feats, they were groundbreaking discoveries. Forget online forums and instant messaging; these trailblazers forged connections in a world of limited resources. But how? What fueled their relentless curiosity? What environment fostered such groundbreaking innovation? Prepare to journey back to a bygone era, where breakthroughs like Nmap fingerprinting emerged from the shadows, and passion