Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
LECS 320x100 1
LECS 970x120 1

Tag: dark web

RHC DarkLab Interview Stormous Ransomware. Between history, ideology, techniques and tactics

Redazione RHC 24/11/2024

The Stormous group represents a significant threat in the ransomware landscape: it has an established reputation for its targeted attacks and its overtly pro-Russian ideology. The group may have started operating in mid-2021, later becoming known for its aggressive presence on Telegram, its geopolitical motivations and its philosophy of attacking organisations perceived to be hostile to Russia, to which it declared its support, subsequently targeting the organisations of countries considered to be enemies, destabilising their organisations These include the United States, Western countries, India and Ukraine from 2022. However, their attacks in this way not only compromise the victims’ systems, but also

How Threat Actor make EDR’s harmless with a reboot

Alex Necula 22/11/2024

I became aware of this technique like 9 months ago, and now I see this on a attack in the wild conducted by Qilin Ransomware Gang, so it’s time to make it public. One of the most important security things in EDR’s is the possibility to intercept calls to the kernel. For this purpose, EDR’s vendors use MiniFilter Drivers that load on boot. But what happens when these drivers are forced disabled by attacker? The attacker can peacefully make kernel calls without being intercepted by EDR’s. When the Windows load a MiniFilter Driver , there is a order to load them ,

The Story Of Conti Ransomware – The War Within (Episode 2)

Alessio Stefan 22/11/2024

This is a continuation of the Conti story. You can read the previous part, which covered the group’s origins, in the previous article. We will now explore the internal components of the group and how their own ecosystem began to collapse. Wizard Spider is still full of surprises and in this episode we will unravel the most proibhited ones The Fool – Trick or Treat Mid-2021, Conti is dominating the headlines with consistent attacks and gaining ransoms from victims. The RaaS operation has been a big deal in the ecosystem, attracting the attention of everyone involved, including victims, affiliates, and law enforcement

IntelBroker Claims Tesla Charging Database Breach

Redazione RHC 20/11/2024

Recently, the threat actor known as IntelBroker , posted an alleged data breach. The post, which appeared on the BreachForums platform, claims that Tesla’s charging station database has been compromised and made available for download. At this time we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered as an “intelligence source”. Introduction on the violation The post, published on BreachForums, revealed that the Tesla charging station database has been made available for download. According to the announcement, the database contains approximately 116,000 records

IBM Hacked? Threat Actor ‘888’ Reveals Thousands of Employees’ Data Leak!

Luca Galuppi 31/10/2024

Recently, the notorious Threat Actor, identified by the nickname 888 , claimed to have breached IBM systems and stolen personal data belonging to the company’s employees. The leak, dated October 2024, allegedly resulted in the compromise of approximately 17,500 rows of data. At this time, we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered as ‘intelligence source’. Details of the Breach According to 888, the breach resulted in the data of approximately 17,500 individuals being compromised. The exfiltrated information is said to contain: names, mobile phone numbers, and international area

The Story Of Conti Ransomware – Origins and Evolution of the RaaS Model (Episode 1)

Alessio Stefan 30/09/2024

Ransomware, a malware designed to encrypt data making them restorable only with the use of a private key. Relatively simple math is all that threat actors out there needs to disrupt networks around the globe, once lock out you can get your plain data back just in one way : cripto payment. The real first Ransomware ever discovered was made by Joseph L. Popp Jr. with his malware called AIDS. Isolated in 1989, the program was stored inside a Floppy Disk with the label “AIDS Information Introductory”, sent in the email of 20,000 of WHO conference in Stockholm. Once opened the C:

Alleged SpaceX Database Breach Published on BreachForums

Pietro Melillo 21/09/2024

A recent post on a dark web forum has caught the attention of the international cybersecurity community. A user, identified by the nickname l33tfg, claimed to have published a supposed data leak from SpaceX, the aerospace company owned by Elon Musk. According to the post, the breach allegedly contains sensitive data including emails, password hashes, phone numbers, hosts, and IP addresses. While the news has not yet been officially confirmed by SpaceX or other verified sources, the incident could pose a serious threat to the organization and the security of its corporate data. Attack Overview: Attacker Profile and Motivations The post, dated

WhiteHouse.gov Data Breach: Threat Actors Leak Sensitive Information!

Redazione RHC 21/09/2024

Recently, a threat actor on a dark web forum has posted a claim regarding an alleged data breach involving WhiteHouse.gov. The post, made by a user named “l33tfg,” asserts that sensitive information from the White House’s official website has been leaked. According to the post, the data includes emails, names, phone numbers, hashes, and IP addresses. At the moment, we cannot confirm the veracity of this claim, as the organization has yet to release any official statement on its website regarding the incident. Therefore, this article should be considered as a source of intelligence. Details of the Alleged Breach In the forum

RHC interviews Qilin Ransomware! “Let’s play fair and wait for a worthy opponent on the field”

RHC Dark Lab 19/09/2024

Qilin (from Chinese :麒麟) is a legendary creature that appears in Chinese mythology and is said to appear with the imminent arrival or demise of a sage or illustrious ruler. The Qilin ransomware is a prime example of the growing complexity of cyber threats. Discovered in 2022, Qilin immediately attracted attention for its ability to target critical sectors such as healthcare and education, particularly in the regions of Africa and Asia. Written in Rust and C, Qilin offers an unprecedented level of customisation that sets it apart from most other ransomware. The operators behind this threat can change the extension of encrypted

A Threat Actors Posts Update on Luxottica’s 2021 Data Breach

Redazione RHC 25/07/2024

Recently, a threat actor in a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on information provided by the threat actor. At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’ Details of the Alleged Breach According

Category