Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
2nd Edition GlitchZone RHC 320x100 2
Enterprise BusinessLog 970x120 1

Tag: cybercrime

Stormous claims an attack on NASA

Pietro Melillo 09/10/2024

In recent years, the landscape of cyber threats has been dominated by increasingly sophisticated ransomware groups. Among them, the ransomware group Stormous has gained notoriety for targeting high-profile organizations, including government entities and technology companies. On October 5, 2024, information concerning NASA and AOSense, an American startup that develops sensors based on quantum technologies, appeared on Stormous’ data leak site. These pieces of information, labeled as “victims” by the group, have not yet been officially confirmed by either NASA or AOSense but represent an important source of intelligence to be analyzed. The Stormous Ransomware Group Stormous is a cybercriminal group known for

The Story Of Conti Ransomware – Origins and Evolution of the RaaS Model (Episode 1)

Alessio Stefan 30/09/2024

Ransomware, a malware designed to encrypt data making them restorable only with the use of a private key. Relatively simple math is all that threat actors out there needs to disrupt networks around the globe, once lock out you can get your plain data back just in one way : cripto payment. The real first Ransomware ever discovered was made by Joseph L. Popp Jr. with his malware called AIDS. Isolated in 1989, the program was stored inside a Floppy Disk with the label “AIDS Information Introductory”, sent in the email of 20,000 of WHO conference in Stockholm. Once opened the C:

RHC Interviews Lynx Ransomware. The cyber-gang offering Pentest services ensuring privacy

RHC Dark Lab 23/09/2024

In July 2024, the Lynx group burst into the RaaS world, which from the outset demonstrated above-average aggressiveness and success in attacks with a total of 22 victims featured on their Data Leak Site (also available in the clearnet). Lynx’s victim categories are mainly Construction (ex:/ Miller Boskus Lack Architects and True Blue Environmental), Finance (ex:/ Pyle Group) and Hotel (ex:/ Warwick Hotels & Resorts andRiverside Resort Hotel & Casino). Lynx performs double extortion techniques and a high frequency of attacks in the U.S. but also in the UK, Canada, and Australia. The group describes their activities as exclusively “financially motivated” and

RHC interviews Qilin Ransomware! “Let’s play fair and wait for a worthy opponent on the field”

RHC Dark Lab 19/09/2024

Qilin (from Chinese :麒麟) is a legendary creature that appears in Chinese mythology and is said to appear with the imminent arrival or demise of a sage or illustrious ruler. The Qilin ransomware is a prime example of the growing complexity of cyber threats. Discovered in 2022, Qilin immediately attracted attention for its ability to target critical sectors such as healthcare and education, particularly in the regions of Africa and Asia. Written in Rust and C, Qilin offers an unprecedented level of customisation that sets it apart from most other ransomware. The operators behind this threat can change the extension of encrypted

RipperSec claims DDoS attack on Ferrari

Inva Malaj 11/08/2024

Recently the Hacktivist Group “RipperSec” claimed to have attacked Ferrari’s global site in the name of justice for Palestine. The hacktivist group known as ‘RipperSec’ claimed responsibility for a DDoS (Distributed Denial of Service) attack that put Ferrari’s global website partially out of service for a short time. In a post shared on social media, the group published a screenshot showing Ferrari’s site with a 500 error, highlighting the success of their attack. Currently, however, the site appears to be back online. The message from “RipperSec” is not only limited to claiming the attack, but also includes a strong political message, “Open

Echelon Stealer: The Open Source Malware

Pietro Melillo 31/07/2024

Echelon Stealer is an infostealer malware that was first discovered in 2018 and is still active. Currently shared as an open-source tool on GitHub, Echelon Stealer offers various advanced features for extracting sensitive data. Despite being presented as an educational project, its potential for malicious use is significant. What is an Infostealer? An infostealer is a type of malware specifically designed to steal sensitive information from infected devices. These malware can gather a wide range of data, including: Infostealers are often distributed through phishing campaigns, malicious email attachments, compromised software downloads, and other social engineering techniques. Once installed, the infostealer collects data

Ferrari avoids deepfake scam! An executive unmasks the CEO’s fake audio messages

Redazione RHC 29/07/2024

In an incident earlier this month, a Ferrari executive found himself receiving unusual messages that appeared to come from the company’s CEO, Benedetto Vigna. The messages came via WhatsApp, owned by Meta Inc. and suggested that a major acquisition was underway and that the executive’s assistance was needed. The messages from Vigna had a different phone number and profile picture than usual. Despite the convincing image of the CEO wearing glasses in front of the Ferrari prancing horse logo, the executive became suspicious. One message urged, ‘Be ready to sign the confidentiality agreement that our lawyer will send you as soon as

The Ransomware Group Ransomexx Claims Attack on Liteon

Pietro Melillo 26/07/2024

On July 26, 2024, the ransomware group Ransomexx publicly claimed responsibility for an attack against Liteon, a giant in the electronic components sector. This attack is further evidence of the growing threat that cybercriminals pose to large companies. Below, we examine the details of the attack, its consequences, and the measures that companies can take to defend themselves against similar threats. Who is Liteon? Liteon Technology Corporation, based in Taiwan, is a world leader in the production of a wide range of electronic components. Founded in 1975, Liteon specializes in the development and manufacturing of optoelectronic devices, storage devices, and other electronic

A Threat Actors Posts Update on Luxottica’s 2021 Data Breach

Redazione RHC 25/07/2024

Recently, a threat actor in a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on information provided by the threat actor. At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’ Details of the Alleged Breach According

RHC interviews RADAR and DISPOSSESSOR: “When it comes to security, the best defense is a good offense.”

RHC Dark Lab 25/07/2024

In our usual underground analysis activities, we came into contact with the cyber gang DISPOSSESSOR, which came to attention in February 2024 in the cyber threat landscape. Accessing their Data Leak Site (DLS) one immediately realizes a strong resemblance to that of the well-known cyber-gang LockBit, and even the number of views of individual posts, taking into account that it is a blog in the onion network, has nothing to envy the elite cyber-gang. This profound similarity suggests a possible reorganization by affiliates of the world’s longest-running cybergang, LockBit, in part because of the two Cronos operations, which saw law enforcement break

Category