Beyond the kill chain: What cybercriminals do with their money (Part 2)
In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors
Similar Posts
What Security Leaders Need to Know About AI Governance for SaaS
Bys sGenerative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting…
New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Bys sCybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that’s capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly…
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
Bys sTushar Subhra Dutta reports: Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. The primary suspect, a…
CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to…
Operation ENDGAME strikes again: the ransomware kill chain broken at its source
Bys sFrom Europol: Cybercriminals around the world have suffered a major disruption after law enforcement and judicial authorities, coordinated by Europol and Eurojust, dismantled key infrastructure behind the malware used to launch ransomware attacks. From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20…
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Bys sThe North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their