Red Hot Cyber

Author: Pietro Melillo

Linkc Ransomware: The New Cybercriminal Group Targeting Artificial Intelligence Data

In the DarkLab group’s underground analysis activity, we ventured onto an onion site that is apparently a Data Leak Site (DLS) of a new ransomware cyber gang. This new actor, called Linkc, was the author of a recent heist against H2O.ai. Their Data Leak Site, a minimalist page devoid of any further information, leaks only the essentials: a leak of sensitive data and source code belonging to a company specializing in artificial intelligence. A New Group, Familiar Methods? Even though Linkc appears to be a brand-new group, their operation follows the well-known double extortion model: What’s novel in this case is the site’s extreme

Potential Compromise of a U.S. Military Database

A high-ranking user of BreachForums, known as “GOD,” is reportedly selling an alleged database belonging to the U.S. Military, which purportedly contains data on over 385,000 personnel and contractors. This database would have been acquired in November 2024 and is said to include critical personal and service-related information. Details of the Potential Breach If authentic, the database would contain various fields of sensitive data, which may be categorized under the following headers: At this time, we cannot confirm the veracity of this information, as the organization has not released an official press statement on its website regarding the incident. Therefore, this article

Hellcat Claims an Alleged Breach Against Schneider Electric

In recent hours, the ransomware group known as Hellcat has claimed responsibility for an alleged attack against Schneider Electric, a global leader in energy management and automation. This supposed breach was reported on Hellcat’s data leak site, where information was published suggesting unauthorized access to the company’s infrastructure. At this time, we cannot confirm the authenticity of this news, as the organization has not yet released an official press statement on its website regarding the incident. Therefore, this article should be considered as an ‘intelligence source.’ Details of the Possible Breach According to the Hellcat group, access was allegedly obtained through Schneider

Israeli Air Force Data Sale: A Suspected Leak Puts Sensitive Information at Risk

Recently, a cyber threat actor known as EagleStrike posted an announcement on a dark web forum, claiming to possess confidential data concerning the Israeli Air Force (IAF). According to the post, this collection of information includes critical details about both active and inactive pilots, as well as various Air Force employees. Leak Details The threat actor claims that the data gathered contains a variety of personal and professional information, including: This detailed information could pose a significant risk to the security of the personnel involved and to the operational integrity of the Air Force. Currently, we are unable to confirm the accuracy

Stormous claims an attack on NASA

In recent years, the landscape of cyber threats has been dominated by increasingly sophisticated ransomware groups. Among them, the ransomware group Stormous has gained notoriety for targeting high-profile organizations, including government entities and technology companies. On October 5, 2024, information concerning NASA and AOSense, an American startup that develops sensors based on quantum technologies, appeared on Stormous’ data leak site. These pieces of information, labeled as “victims” by the group, have not yet been officially confirmed by either NASA or AOSense but represent an important source of intelligence to be analyzed. The Stormous Ransomware Group Stormous is a cybercriminal group known for

Alleged SpaceX Database Breach Published on BreachForums

A recent post on a dark web forum has caught the attention of the international cybersecurity community. A user, identified by the nickname l33tfg, claimed to have published a supposed data leak from SpaceX, the aerospace company owned by Elon Musk. According to the post, the breach allegedly contains sensitive data including emails, password hashes, phone numbers, hosts, and IP addresses. While the news has not yet been officially confirmed by SpaceX or other verified sources, the incident could pose a serious threat to the organization and the security of its corporate data. Attack Overview: Attacker Profile and Motivations The post, dated

Arrest of Pavel Durov: Telegram Founder Detained in Paris

On August 24, 2024, French authorities arrested Pavel Durov, the founder and CEO of Telegram, at Le Bourget Airport. Durov, a 39-year-old Franco-Russian citizen, had just arrived from Azerbaijan on his private jet. Accompanied by his bodyguard and a woman, he was apprehended by officers from the Gendarmerie des Transports Aériens (GTA). The arrest warrant had been issued by the French National Directorate of Judicial Police. Charges and Motives French authorities accuse Durov of complicity in criminal activities conducted through Telegram. The main charges include terrorism, drug trafficking, and fraud. According to investigators, the Telegram platform does not adequately moderate content and

IntelBroker Takes Control of BreachForums: A New Chapter in Cybercrime Management

Introduction The recent acquisition of BreachForums by IntelBroker marks a significant shift in the landscape of cybercrime. This transition of power occurs at a crucial time for the forum, which has recently experienced a period of stagnation and inefficiency under the previous administration. The arrival of IntelBroker as the new owner promises to renew and strengthen the platform, bringing with it a more active and engaged management style. IntelBroker is an individual (or group of criminal hackers) operating in the dark web, among underground resources such as XSS, BreachForums, and Exposed. They

Echelon Stealer: The Open Source Malware

Echelon Stealer is an infostealer malware that was first discovered in 2018 and is still active. Currently shared as an open-source tool on GitHub, Echelon Stealer offers various advanced features for extracting sensitive data. Despite being presented as an educational project, its potential for malicious use is significant. What is an Infostealer? An infostealer is a type of malware specifically designed to steal sensitive information from infected devices. Such malware can gather a wide range of data, including: Infostealers are often distributed through phishing campaigns, malicious email attachments, compromised software downloads, and other social engineering techniques. Once installed, the infostealer collects data

The Ransomware Group Ransomexx Claims Attack on Liteon

On July 26, 2024, the ransomware group Ransomexx publicly claimed responsibility for an attack against Liteon, a giant in the electronic components sector. This attack is further evidence of the growing threat that cybercriminals pose to large companies. Below, we examine the details of the attack, its consequences, and the measures that companies can take to defend themselves against similar threats. Who is Liteon? Liteon Technology Corporation, based in Taiwan, is a world leader in the production of a wide range of electronic components. Founded in 1975, Liteon specializes in the development and manufacturing of optoelectronic devices, storage devices, and other electronic