Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
UtiliaCS 320x100
UtiliaCS 970x120

Author: RHC Dark Lab

Salt Typhoon (RedMike): The Chinese Cyber Threat That’s Shaking the World

RHC Dark Lab 12/11/2025

In recent months, the Chinese hacking group known as Salt Typhoon has continued to make headlines for its aggressive and persistent cybersecurity tactics. Despite US sanctions and close government surveillance, Salt Typhoon has shown no signs of slowing down its activities, continuing to launch coordinated attacks against educational institutions and critical infrastructure globally. Salt Typhoon (RedMike): A Global Threat Recent reports indicate that the group targeted several telecommunications providers and universities in various countries, primarily the United States, the United Kingdom, and South Africa . These incursions allowed hackers to compromise crucial devices, extracting sensitive information such as scientific data and proprietary

RHC interviews ShinyHunters: “Systems can be repaired, but people remain vulnerable!”

RHC Dark Lab 17/09/2025

ShinyHunters is a group of threat actors that gained notoriety after the massive data breach against Salesforce, an incident that led Google to closely monitor them and assign them the code name UNC6240. The Salesforce breach would allow attackers to gain easy access to a large number of companies in a wide range of industries. In recent days, many companies have shared official statements about the breaches they have suffered, but many others have not yet made any public statements. The group recently gained notoriety after a massive data breach targeting Salesforce, an incident that prompted Google to closely monitor them and

RHC interviews Sector16, one of the most active hacktivist groups of 2025. “Let’s destroy the present for a better future”

RHC Dark Lab 11/07/2025

In recent months, two disturbing episodes have shaken public opinion and the Italian cybersecurity sector. The first concerned an Italian hospital, violated in its most sensitive heart: videos of patients and operating rooms ended up online, exposing not only the inadequacy of protection systems, but also the vulnerability of our own digital humanity. Other episodes, we have seen them hit the SCADA systems of hotels and other infrastructure, where full access to critical facilities has been obtained by two groups: Overflame and Sector16. The latter, Sector16, are the subject of our exclusive interview. A name that until recently was known only among

AKIRA emergency report: the ransomware that is breaching Italy

RHC Dark Lab 22/06/2025

Spring 2025 will be remembered as a turning point in our country’s cyber chronicle. As bulletins and technical releases follow one another, one fact emerges glaringly: AKIRA has entered the Italian scene heavily. And it has done so without knocking on the door. In the report we publish today, the result of the joint work of our community and the DarkLab subgroup, which specializes in Cyber Threat Intelligence. Analysis with a technical but operational slant on the new offensive campaign of AKIRA, the ransomware-as-a-service that has made its bones abroad and now plays at home hitting large and medium-sized companies all along

RHC GhostSec interview: hacktivism in the shadows of terrorism and cyber conflict

RHC Dark Lab 12/06/2025

Ghost Security, also known as GhostSec, is a hacktivist group which emerged in the context of the cyber war against Islamic extremism. The first actions of the group date back to the aftermath of the attack on the Charlie Hebdo newsroom, January 2015. It is considered an offshoot of the Anonymous collective, from which it later partially broke away. GhostSec became known for its digital offensives against websites, social accounts and online infrastructure used by ISIS to spread propaganda and coordinate terrorist activities. The group claimed to have shut down hundreds of ISIS-affiliated accounts and helped thwart potential terrorist attacks by actively

RHC Interviews NOVA Ransomware – “Expect Dangerous Attacks. No One Is Safe.” | BLACKVIEW Series

RHC Dark Lab 02/06/2025

On May 10, 2025, the City of Pisa suffered a ransomware attack within their computer systems. The next day Nova claimed the attack and on the 21st of the same month threatened to publish 2TB of data stolen from the municipality’s servers. Nova RaaS appeared the first time in the April 2025 period making itself known for its direct and humiliating public communications to victims. From their DLS there does not appear to be a particular focus on specific sectors or states. Nova revamped predecessor RaLord by even going so far as to create a customized chat system for communications with their

The Evil Purr – DarkLab Interview to HellCat Ransomware!

RHC Dark Lab 30/03/2025

HellCat ransomware appeared in the second half of 2024 with and it has attracted the attentions of analysts thanks to the humor within their public statements. We recall the attack to Schneider Electric in France where the group ended up to request a “baguette payment” in their DLS. HellCat group targets are high profile organizations (like Orange, Telefónica, Zurich Group and Pinger) with prolific TTPs which include Jira ticketing system abuses and exploitation of vulnerable public interfaces. One of their recent victims is Jaguar Land Rover that led to a data breach wich highlighted the risk when relying on legacy credentials. HellCat

Harley-Davidson Targeted by Cyber ​​Criminals: 888 Claims Data Breach

RHC Dark Lab 31/12/2024

Recently, a threat actor on an underground forum posted an alleged data breach. According to reports, the famous American company Harley-Davidson has been the victim of a data breach that has exposed thousands of sensitive information relating to its customers. At this time we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered as an “intelligence source”. Details of the alleged infringement According to the threat actor, the data breach would have taken place in December 2024 and would have exposed

RHC DarkLab Interviews Interlock Ransomware. “Don’t waste your energy and time. We will do it for you.”

RHC Dark Lab 02/12/2024

RHC DarkLab has always taken a unique and provocative approach in the fight against cyber threats, summed up by the motto: ‘One must know the Demons to learn how to counter them.’ This philosophy guides our ongoing commitment to understanding Threat Actors through face-to-face interviews to expose their techniques, tactics and procedures (TTPs) and improve the defences of those facing these insidious adversaries. Cyber gangs, such as Interlock, often present themselves with a mix of highly sophisticated motivations and skills, as demonstrated by recent attacks targeting seemingly secure systems such as FreeBSD. In many cases, they claim to act to fill gaps

RHC Interviews Lynx Ransomware. The cyber-gang offering Pentest services ensuring privacy

RHC Dark Lab 23/09/2024

In July 2024, the Lynx group burst into the RaaS world, which from the outset demonstrated above-average aggressiveness and success in attacks with a total of 22 victims featured on their Data Leak Site (also available in the clearnet). Lynx’s victim categories are mainly Construction (ex:/ Miller Boskus Lack Architects and True Blue Environmental), Finance (ex:/ Pyle Group) and Hotel (ex:/ Warwick Hotels & Resorts andRiverside Resort Hotel & Casino). Lynx performs double extortion techniques and a high frequency of attacks in the U.S. but also in the UK, Canada, and Australia. The group describes their activities as exclusively “financially motivated” and

Category