Beyond the kill chain: What cybercriminals do with their money (Part 4)
In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests
Similar Posts
Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
Bys sCybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. “ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely,” Sygnia
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Bys sThreat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. “It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit,” Trend Micro researchers Ted…
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
Bys sThe threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. “Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade,” Infoblox…
⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Bys sCybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn’t enough anymore—resilience needs to be built into everything from the ground up.
Khalil Center’s impressively rapid incident response
HHS’s public breach tool added a listing today that was submitted by the Khalil Foundation (DBA Khalil Center). The center describes itself as a psychological and spiritual community wellness center advancing the professional practice of psychology rooted in Islamic principles. They are covered by HIPAA. On December 22, they notified HHS that 1153 individuals had…
Courts Are Still Willing To Dismiss Data Breach Lawsuits for Lack of Standing
Bys sRaika Casey and Alexis Opper of BakerHostetler write: In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of dark web exposure, misuse or fraud. However, a few courts have recently…