Beyond the kill chain: What cybercriminals do with their money (Part 1)
Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled
Similar Posts
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data
Bys sA Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may have travel reservations with spam emails. The campaign is said to…
No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news
Bys sKudos to Lawrence Abrams and Bleeping Computer for calling out Cybernews’ misleading reporting. News broke today of a “mother of all breaches,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. To be…
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
Bys sA now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in…
Hospital El Cruce takes its website offline following a severe cyberattack
Bys sSuspectFile reports: A severe blow to Argentina’s public healthcare system has been dealt by the ransomware group Medusa, which, in recent days, through one of its affiliates, carried out a significant attack on the IT networks of the Hospital de Alta Complejidad El Cruce “Néstor Kirchner” (Hospital El Cruce), located in Florencio Varela, Buenos Aires…
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
Bys sThe elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month. “The threat actor stopped maintaining…
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
Bys sThe Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. “While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed…