Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
320×100
TM RedHotCyber 970x120 042543

Tag: Threat Actors

RHC interviews ShinyHunters: “Systems can be repaired, but people remain vulnerable!”

RHC Dark Lab 17/09/2025

ShinyHunters is a group of threat actors that gained notoriety after the massive data breach against Salesforce, an incident that led Google to closely monitor them and assign them the code name UNC6240. The Salesforce breach would allow attackers to gain easy access to a large number of companies in a wide range of industries. In recent days, many companies have shared official statements about the breaches they have suffered, but many others have not yet made any public statements. The group recently gained notoriety after a massive data breach targeting Salesforce, an incident that prompted Google to closely monitor them and

Xi Jinping and the Chinese APT’s Ambition

Alessio Stefan 08/09/2025

The post-COVID macro political movements, including ongoing conflicts, have prompted a majority of states to shift their medium- to long-term political objectives. Clearly, a paradigm shift has been very common in the war sector, with Europe attempting to shift some of its member states’ resources, and the United States increasingly adopting a highly protectionist economic stance, using tariffs as a means of reducing trade deficits with key countries, including China. INTRO – The Silence of the Dragons The recent decisions taken by POTUS Donald Trump regarding the Chinese economic entity are nothing more than the continuation of decisions taken in the first

RHC interviews Sector16, one of the most active hacktivist groups of 2025. “Let’s destroy the present for a better future”

RHC Dark Lab 11/07/2025

In recent months, two disturbing episodes have shaken public opinion and the Italian cybersecurity sector. The first concerned an Italian hospital, violated in its most sensitive heart: videos of patients and operating rooms ended up online, exposing not only the inadequacy of protection systems, but also the vulnerability of our own digital humanity. Other episodes, we have seen them hit the SCADA systems of hotels and other infrastructure, where full access to critical facilities has been obtained by two groups: Overflame and Sector16. The latter, Sector16, are the subject of our exclusive interview. A name that until recently was known only among

What was the first ransomware in history? Discovering Trojan AIDS

Redazione RHC 09/07/2025

We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America. The first ransomware in history While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

What is ransomware? Let’s explore how RaaS works and what it means.

Redazione RHC 09/07/2025

Many people often want to understand the ransomware phenomenon precisely, its meaning, the methods of violation, and the crime that revolves around it, struggling to find information scattered across thousands of articles. This article aims to answer all these questions, providing a comprehensive, yet simple, guide to understanding this phenomenon as a whole. On the pages of every newspaper, we hear about huge cyber breaches, million-dollar ransoms, cyber gangs, RaaS, and cyber warfare. These are all words that can be very confusing for people who aren’t specialized in cyber security. With this article we want to explain what ransomware is, how the

North Korean Hackers on the Payroll: How Companies Paid Salaries to North Korean IT Specialists

Redazione RHC 02/07/2025

The US Department of Justice has announced the discovery ofa large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. In fact, we at Red Hot Cyber have been talking about it for some time now that many companies were hiring North Korean employees, who were also interviewing for jobs through deepfake systems. North Korean programmers have reportedly obtained jobs at over 100 US companies using fake or stolen identities. In addition to the salary, they stole classified information and transferred it to Pyongyang’s servers. They were also interested in

The Race to 0day! China Advances in Offensive Cyberpower, While the US Is Forced to Chase

Redazione RHC 30/06/2025

China’s growing rise has prompted U.S. officials to strongly emphasize the need to improve its offensive cyber capabilities. However, some doubts remain about the ability to meet the challenge, given the heavy dependence on foreign suppliers and the lack of adequate cyber skills at the domestic level, which could negatively impact the availability of resources and manpower. Industry experts point out that China has now converted the East Asian security ecosystem into a unique opportunity for itself. Since 2016, Beijing has embarked on a strategy of purchasing and acquiring unique hacking tools, intended for military and intelligence purposes, precluding the United States

Critical Vulnerabilities Discovered in Hundreds of Brother and Other Printers

Redazione RHC 27/06/2025

Hundreds of printer models from Brother and other manufacturers (Fujifilm, Toshiba, Ricoh and Konica Minolta) have been found to be vulnerable to serious vulnerabilities discovered by researchers at Rapid7. For example, the printers come with a default administrator password that can be generated by remote attackers. In total, experts have identified eight different issues in Brother printers: CVE Description What does it affect? CVSS CVE-2024-51977 An unauthenticated attacker can cause the leak of sensitive information. HTTP (port 80), HTTPS (port 443), IPP (port 631) 5.3 points CVE-2024-51978 An unauthenticated attacker can generate a default password for the administrator. HTTP (port 80), HTTPS

Citrix: New Critical Vulnerability from 9.2 Affects NetScaler – Attacks Underway!

Redazione RHC 26/06/2025

Citrix has reported a new critical vulnerability in its NetScaler appliances, already actively exploited by attackers. The problem is identified with the identifier CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection. As reported in the official note from Citrix, exploits for this vulnerability have already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated special request to be sent, resulting in device malfunction and unavailable operation. In particular, this isa complete disruption that can paralyze the functioning of the company’s infrastructure. The vulnerability affects versions of

Fox Kitten and Br0k3r: The Iranian Cyber Contractor Collaborating with Ransomware Gangs

Redazione RHC 26/06/2025

We continue our series of articles on IABs by writing about an Iranian cyber contractor that not only works as an initial access broker but also provides support to ransomware gangs to fill their and their own pockets with money. In a CISA report published in August 2024, CISA, the FBI and the DoD Cyber Crimes Division say that an Iranian group known as “Pioneer Kitten”, “Fox Kitten”, “UNC757”, “Parisite”, “RUBIDIUM” or “Lemon Sandstorm” has been successful in cyber crime by selling access to hackable corporate networks. The group has also operated under other names such as “Br0k3r” and “xplfinder” and has

Category