Beyond the kill chain: What cybercriminals do with their money (Part 1)
Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which…
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. “Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy
The latest Gcore Radar report, analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target…
In a somewhat surprising turn of events, the Australian hacker known as “DR32” learned his sentence in a Colorado federal court this week. It was not the sentence most people might have expected. David Kee Crees, a 26-year-old Australian, who had also been known online as “Abdilo,” “Notavirus,” “Surivaton”, and “Grey Hat Mafia’s Bitch,”…
Ever since law enforcement announced the arrest of an administrator of the XSS.is forum, forum members watched threads disappear from the site, and then a seizure notice splash screen appeared. No administrator or moderator had made any statement about the arrest or situation despite pleas from forum members for some clarification, and attempts to discuss…