Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: CTI

The Story Of Conti Ransomware – Origins and Evolution of the RaaS Model (Episode 1)

Ransomware is malware designed to encrypt data so that it can be restored only with the corresponding private key. Relatively simple math is all that threat actors need to disrupt networks around the globe: once locked out, there is just one way to get your plain data back: crypto payment. The first ransomware ever discovered was created by Joseph L. Popp Jr. with his malware called AIDS. Isolated in 1989, the program was stored on a floppy disk labelled “AIDS Information Introductory”, sent by email to 20,000 WHO conference attendees in Stockholm. Once opened the C:

RHC Interviews Lynx Ransomware. The cyber-gang offering Pentest services ensuring privacy

In July 2024, the Lynx group burst into the RaaS world, demonstrating from the outset above-average aggressiveness and success in its attacks, with a total of 22 victims featured on its Data Leak Site (also available on the clearnet). Lynx’s victim categories are mainly Construction (e.g. Miller Boskus Lack Architects and True Blue Environmental), Finance (e.g. Pyle Group) and Hotels (e.g. Warwick Hotels & Resorts and Riverside Resort Hotel & Casino). Lynx performs double extortion and attacks at a high frequency in the U.S., but also in the UK, Canada, and Australia. The group describes its activities as exclusively “financially motivated” and

Alleged SpaceX Database Breach Published on BreachForums

A recent post on a dark web forum has caught the attention of the international cybersecurity community. A user identified by the nickname l33tfg claimed to have published a supposed data leak from SpaceX, the aerospace company owned by Elon Musk. According to the post, the breach allegedly contains sensitive data including emails, password hashes, phone numbers, hosts, and IP addresses. While the news has not yet been officially confirmed by SpaceX or other verified sources, the incident could pose a serious threat to the organization and the security of its corporate data. Attack Overview: Attacker Profile and Motivations. The post, dated

WhiteHouse.gov Data Breach: Threat Actors Leak Sensitive Information!

Recently, a threat actor on a dark web forum posted a claim regarding an alleged data breach involving WhiteHouse.gov. The post, made by a user named “l33tfg,” asserts that sensitive information from the White House’s official website has been leaked. According to the post, the data includes emails, names, phone numbers, hashes, and IP addresses. At the moment, we cannot confirm the veracity of this claim, as the organization has yet to release any official statement on its website regarding the incident. Therefore, this article should be considered a source of intelligence. Details of the Alleged Breach. In the forum

RHC interviews Qilin Ransomware! “Let’s play fair and wait for a worthy opponent on the field”

Qilin (from Chinese: 麒麟) is a legendary creature that appears in Chinese mythology and is said to appear with the imminent arrival or demise of a sage or illustrious ruler. The Qilin ransomware is a prime example of the growing complexity of cyber threats. Discovered in 2022, Qilin immediately attracted attention for its ability to target critical sectors such as healthcare and education, particularly in Africa and Asia. Written in Rust and C, Qilin offers an unprecedented level of customisation that sets it apart from most other ransomware. The operators behind this threat can change the extension of encrypted

IntelBroker Takes Control of BreachForums: A New Chapter in Cybercrime Management

Introduction. The recent acquisition of BreachForums by IntelBroker marks a significant shift in the landscape of cybercrime. This transition of power occurs at a crucial time for the forum, which has recently experienced a period of stagnation and inefficiency under the previous administration. The arrival of IntelBroker as the new owner promises to renew and strengthen the platform, bringing with it a more active and engaged management style. IntelBroker is an individual (or group of criminal hackers) operating on the dark web, among underground resources such as XSS, BreachForums, and Exposed. They

The Ransomware Group Ransomexx Claims Attack on Liteon

On July 26, 2024, the ransomware group Ransomexx publicly claimed responsibility for an attack against Liteon, a giant in the electronic components sector. This attack is further evidence of the growing threat that cybercriminals pose to large companies. Below, we examine the details of the attack, its consequences, and the measures that companies can take to defend themselves against similar threats. Who is Liteon? Liteon Technology Corporation, based in Taiwan, is a world leader in the production of a wide range of electronic components. Founded in 1975, Liteon specializes in the development and manufacturing of optoelectronic devices, storage devices, and other electronic

A Threat Actor Posts an Update on Luxottica’s 2021 Data Breach

Recently, a threat actor on a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on the information provided by the threat actor. At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’ Details of the Alleged Breach. According

RHC interviews RADAR and DISPOSSESSOR: “When it comes to security, the best defense is a good offense.”

In our usual underground analysis activities, we came into contact with the cyber gang DISPOSSESSOR, which came to attention in the cyber threat landscape in February 2024. Accessing their Data Leak Site (DLS), one immediately notices a strong resemblance to that of the well-known cyber-gang LockBit, and even the number of views of individual posts, taking into account that it is a blog on the onion network, has nothing to envy in the elite cyber-gang. This profound similarity suggests a possible reorganization by affiliates of the world’s longest-running cyber-gang, LockBit, in part because of the two Cronos operations, which saw law enforcement break

Exposed the Data of 3,379 Spanish Doctors! When Fraud Becomes “On-Target”

Recently, a threat actor on an underground forum called Breach Forums published an alleged data breach. The post claims to have exposed the names, departments, and emails of 3,379 Spanish doctors. This information was shared by a user going by the name “jewwu.” At the moment, we cannot confirm the veracity of the news, as we have not had access to the actual data set. Therefore, this article should be considered an ‘intelligence source.’ Details of the Alleged Breach. According to the forum post, the breached data includes names, departments, emails, and other personal details of the doctors. The post included a