Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: cybercrime

Crazyhunter: The Ransomware with the Three-Dimensional Data Annihilation System That Redefines Data Destruction

In the reconnaissance of the world of the underground and criminal groups carried out by Red Hot Cyber’s DarkLab threat intelligence lab, we came across a Data Leak Site of a cyber gang that had never been monitored before: Crazyhunter. With a distinct identity and a manifesto that sets it apart from other cybercriminal actors, Crazyhunter presents itself as a sophisticated operation that focuses on attack speed, data destruction, and a highly structured criminal branding system. From the information gathered on their Data Leak Site (DLS), accessible through the Tor network, the group appears to adopt a methodical and aggressive approach, aimed

Akira Ransomware: The New Threat Using Webcams as Entry Points

Akira represents one of the most recent ransomware threats capable of bypassing traditional organizational defense mechanisms. A recent case analyzed by the S-RM team highlighted how this group leveraged an unprotected webcam to deploy its payload, evading the defenses of an Endpoint Detection and Response (EDR) system. The Initial Modus Operandi The attack began with the compromise of the victim’s network through an internet-exposed remote access solution. Once inside, Akira deployed AnyDesk.exe, a remote management tool, to maintain control over the environment and proceed with data exfiltration. During the later stages of the attack, the attackers used the Remote Desktop Protocol (RDP)

Possible breach at Ukraine’s Ministry of Foreign Affairs: the Qilin Ransomware group claims responsibility for the attack

The Qilin Ransomware group claims to have compromised the systems of Ukraine’s Ministry of Foreign Affairs, stealing private correspondence, personal information, and official decrees. According to the attackers, some of this data has already been sold to third parties. At the moment, it is not possible to confirm the veracity of these statements because the organization has not yet released any official press statement on its website regarding the incident. Consequently, the information presented in this article should be treated solely as an intelligence source. Details of the Alleged Breach Status of the Investigation Conclusions At present, the alleged breach claimed by

A New Dark Actor Enters the Criminal Underground. Discovering Skira Ransomware

During our reconnaissance into the underground world and criminal groups conducted by Red Hot Cyber’s threat intelligence laboratory DarkLab, we stumbled upon a Data Leak Site of a cyber gang never monitored before: Skira. Ransomware groups generally operate under the logic of “double extortion”: after gaining unauthorized access to an organization’s IT systems, they encrypt the data and simultaneously steal a copy. If the victim refuses to pay the ransom, the cybercriminals threaten not only to leave the systems inaccessible but also to publish the exfiltrated data. Skira fits into this scenario as a newly emerging group that, like many of its

Analysis of Recorded Future’s CVE Report – February 2025

The monthly Recorded Future CVE report for February 2025 provides a detailed overview of current cybersecurity threats, highlighting a slight decline compared to the previous month. A total of 25 high-impact vulnerabilities were identified, down from 33 in January, yet the overall risk level remains high. Several of these vulnerabilities are already being actively exploited by cybercriminals, making a timely response from corporate security teams essential. One of the key aspects of this report is the ability to analyze the issue from two complementary perspectives: that of CEOs and that of IT managers and CISOs. On one hand, business leaders must understand

Linkc Ransomware: The New Cybercriminal Group Targeting Artificial Intelligence Data

In the DarkLab group’s underground analysis activity, we ventured onto an onion site that is apparently a Data Leak Site (DLS) of a new ransomware cyber gang. This new actor, called Linkc, was the author of a recent heist against H2O.ai. Their Data Leak Site, a minimalist page devoid of any further information, leaks only the essentials: a leak of sensitive data and source code belonging to a company specialising in artificial intelligence. A New Group, Familiar Methods? Even though Linkc appears to be a brand-new group, their operation follows the well-known double extortion model. What’s novel in this case is the site’s extreme

Ransomware Gangs weaponize Windows Defender Application Control (WDAC) to disable EDR products.

In the past days we saw that ransomware gangs use WDAC to disable EDR products. I have known about this type of attack for a year, since someone posted a similar technique on Twitter, but this is the first time it has been used in ransomware attacks. So, it’s time to explain how it works and how to check for it. First, WDAC is a Microsoft feature that is very similar to AppLocker. We need to download the Application Control Wizard from Microsoft’s webpage. After we install it, we can open it and define the policy. Here we can do two things,

The Story Of Conti Ransomware – The Last Ceremony (Final Episode)

This is the last episode of “The Story Of Conti Ransomware” series, in which we finally reach the decline of the group and what this means for the current ransomware landscape. In the previous article we covered operations carried out by law enforcement (mainly the FBI) and by some vigilantes who did not like Conti’s political positions. Conti is not dead; it is still alive. The Moon – Dostoevsky’s De(a)mons The Conti leak showed the world how “normal” a RaaS group of this size could be, with the same organization as a “legit” company. But there is a message which we did not analyze in

Harley-Davidson Targeted by Cybercriminals: 888 Claims Data Breach

Recently, a threat actor on an underground forum posted an alleged data breach. According to reports, the famous American company Harley-Davidson has been the victim of a data breach that exposed thousands of pieces of sensitive information relating to its customers. At this time we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered an “intelligence source”. Details of the alleged breach According to the threat actor, the data breach reportedly took place in December 2024 and exposed

FBI responds to threats and announcement of LockBit 4.0

In the last month of 2024, LockBit has been talked about extensively. The prominent news is the long-awaited release of the 4.0 program of the most famous RaaS on the scene. After the entire Operation Cronos series, which does not seem to be over yet, LockBit has been put to the test by an unprecedented digital crime-fighting effort executed by an international task force. In this article we will expand on the very latest updates, trying to take stock and comment on these early (partial) conclusions of a true war of attrition that will impact the future of digital security and crime. For those