Beyond the kill chain: What cybercriminals do with their money (Part 2)
In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors
Similar Posts
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Bys sCybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Bys sThe encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal…
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Bys sCybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be…
How to Reduce Phishing Exposure Before It Turns into Business Disruption
Bys sWhat happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection…
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
Bys sA new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 34 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize…
Updating: Two Telegram channels and two accounts banned, one bounty offered, and BreachForums goes down
Bys sIf you were glued to a Telegram channel the other day watching people associated with ShinyHunters, Scattered Spider, and Lapsu$ leak data and rant about Mandiant, the NCA, the FBI, and demand that some arrested folks be set free, then you might want to think of yesterday and today as the next episode to the……