Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
Banner Mobile
970x120

Tag: dark web

Cloudflare Mitigates 7.3 Terabits Per Second Attack. Imagine 9350 HD Movies Downloaded in 45 Seconds

Redazione RHC 23/06/2025

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: 7.3 terabits per second (Tbps). This event comes shortly after the release of the DDoS Threat Report for Q1 2025 on April 27, 2025, which highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). 37.4 terabytes isn’t a huge number by today’s standards, but downloading 37.4 terabytes in just 45 seconds is. That’s the equivalent of flooding the internet with over 9,350 HD movies or streaming 7,480 hours of uninterrupted high-definition video (nearly a year’s worth of back-to-back TV binge-watching) in just 45 seconds. If it were music,

Your VPN is a Trojan! Here are 17 Free Apps Made in China That Spy on You While Google and Apple Get Fat

Redazione RHC 23/06/2025

“If you don’t pay for the service, you are the product. This is true for social networks, but also for free VPNs: your data, your privacy, is often the real price to pay. Researchers at the Tech Transparency Projecthave reported that at least 17 free VPN apps with alleged ties to China are still available in the US versions of the Apple and Google stores, and big tech companies are managing to make money from these apps despite the risks to user privacy. The first investigation by TTP surfaced in April, revealing that the data of millions of users from more than two

RHC GhostSec interview: hacktivism in the shadows of terrorism and cyber conflict

RHC Dark Lab 12/06/2025

Ghost Security, also known as GhostSec, is a hacktivist group which emerged in the context of the cyber war against Islamic extremism. The first actions of the group date back to the aftermath of the attack on the Charlie Hebdo newsroom, January 2015. It is considered an offshoot of the Anonymous collective, from which it later partially broke away. GhostSec became known for its digital offensives against websites, social accounts and online infrastructure used by ISIS to spread propaganda and coordinate terrorist activities. The group claimed to have shut down hundreds of ISIS-affiliated accounts and helped thwart potential terrorist attacks by actively

Group-IB contributes to INTERPOL’s Operation Secure, leading to the arrest of 32 suspects linked to information stealer malware in Asia

Redazione RHC 11/06/2025

[Singapore; 11 June, 2025] Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it has contributed to INTERPOL’s “Operation Secure”, which took down the infrastructure linked to information stealers (infostealers) in Asia that claimed more than 216,000 potential victims. The operation, which was conducted from January to April 2025, resulted in the arrest of 32 suspects, taking down more than 20,000 malicious IP addresses and domains, and the seizure of 41 servers containing over 100GB of data that were linked to the cybercriminal activities. During the course of Operation Secure, Group-IB’s Threat Intelligence team

RHC Interviews NOVA Ransomware – “Expect Dangerous Attacks. No One Is Safe.” | BLACKVIEW Series

RHC Dark Lab 02/06/2025

On May 10, 2025, the City of Pisa suffered a ransomware attack within their computer systems. The next day Nova claimed the attack and on the 21st of the same month threatened to publish 2TB of data stolen from the municipality’s servers. Nova RaaS appeared the first time in the April 2025 period making itself known for its direct and humiliating public communications to victims. From their DLS there does not appear to be a particular focus on specific sectors or states. Nova revamped predecessor RaLord by even going so far as to create a customized chat system for communications with their

Apple in the crosshairs: alleged data breach of the Cupertino giant published on XSS

Redazione RHC 14/05/2025

May 14, 2025 – In the early hours of this morning, an alarming post appeared on the Russian underground forum XSS , known to be a leading showcase for the buying and selling of compromised data: the Machine1337 group claimed responsibility for an alleged breach of Apple.com’s internal systems. The post, accompanied by the logo of the famous company and signed “Breached by Machine1337”, indicates that in February 2025 Apple would have been the victim of a data breach that would have led to the exposure of internal tools. According to what was declared by the malicious actor, 3,000 files were stolen, offered in samples with a download link. The entire package is put on

VanHelsing RaaS: An Expanding Ransomware-as-a-Service Model

Pietro Melillo 22/03/2025

The ransomware threat landscape is constantly evolving, with increasingly structured groups adopting sophisticated strategies to maximize profits. VanHelsing is a new player positioning itself in the Ransomware-as-a-Service (RaaS) market, a model that enables even cybercriminals with limited expertise to conduct advanced attacks using an automated platform. Following the February 23, 2025 announcement on an underground forum regarding the VanHelsing RaaS affiliate program, the ransomware group has officially published its first possible victim on its Data Leak Site (DLS). Less than a month after its launch, the appearance of the first compromised organization confirms that VanHelsing is now actively operating. Although the DLS

Babuk Locker 2.0: The New Ransomware Affiliate Program

Pietro Melillo 13/03/2025

Babuk, one of the most notorious ransomware groups in cybercrime, has launched the Babuk Locker 2.0 Affiliate Program 2025, an affiliate program for skilled hackers looking to profit from ransomware attacks. This program, published on their data leak site, introduces new advanced features and a more structured model for those wishing to join their criminal network. How the Program Works Babuk Locker 2.0 accepts affiliates from all over the world, regardless of language or origin, provided they have experience in penetration testing and compromising IT systems. Their goal is clear: maximize profits through targeted attacks and manage ransom payments more efficiently. The

NightSpire: A New Player in the Ransomware Landscape

Pietro Melillo 12/03/2025

During our reconnaissance into the underground world and criminal groups conducted by Red Hot Cyber’s threat intelligence laboratory DarkLab, we stumbled upon a Data Leak Site of a cyber gang never monitored before: NightSpire. NightSpire is a new ransomware group that has recently emerged on the cybercrime scene. Although no previous information is available about this actor, an analysis of their data leak site (DLS) and their communication provides some key insights into their strategy and operational methods. The group portrays itself as an unstoppable threat to businesses and promises to exploit every vulnerability to their advantage. Below, we analyze the details

Akira Ransomware: The New Threat Using Webcams as Entry Points

Pietro Melillo 07/03/2025

Akira represents one of the most recent ransomware threats capable of bypassing traditional organizational defense mechanisms. A recent case analyzed by the S-RM team highlighted how this group leveraged an unprotected webcam to deploy its payload, evading the defenses of an Endpoint Detection and Response (EDR) system. The Initial Modus Operandi The attack began with the compromise of the victim’s network through an internet-exposed remote access solution. Once inside, Akira deployed AnyDesk.exe, a remote management tool, to maintain control over the environment and proceed with data exfiltration. During the later stages of the attack, the attackers used the Remote Desktop Protocol (RDP)

Category