Beyond the kill chain: What cybercriminals do with their money (Part 3)
In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors
Similar Posts
In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks
Bys sDustin Volz reports: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports,…
An industry first: Sophos Firewall and NDR Essentials
Bys sSophos Firewall is once again pioneering new innovations.
Android Hit by 0-Click RCE Vulnerability in Core System Component
Bys sDivya reports: Google has released an urgent security alert addressing a critical remote code execution vulnerability affecting Android devices worldwide. The vulnerability, tracked as CVE-2025-48593, exists in Android’s System component and requires no user interaction for exploitation, making it an exceptionally dangerous threat. The flaw affects Android versions 13 through 16 and demands immediate attention from device……
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Bys sMultiple threat activity clusters with ties to North Korea (aka Democratic People’s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. “The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North…
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Bys sThreat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
Bys sA critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and…