#initial-access-broker

[ follow ]
#ransomware #cybersecurity #fileless-powershell #dll-side-loading #domain-spoofing #yanluowang #restitution
fromThe Hacker News
4 days ago

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for security teams," ReliaQuest said in a report shared with The Hacker News.
Information security
Information security
fromTheregister
1 month ago

Russian broker pleads guilty to assisting US cyberattacks

Aleksei Volkov, a 25-year-old Russian initial access broker tied to Yanluowang, pleaded guilty and faces years in US prison for facilitating multiple ransomware attacks.
Information security
fromThe Hacker News
5 months ago

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

Gold Melody exploits leaked ASP.NET machine keys to gain unauthorized access to organizations and sells that access to other threat actors.
Marketing tech
fromThe Hacker News
7 months ago

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

ToyMaker, an initial access broker, provides access to ransomware gangs like CACTUS using a custom malware, LAGTOY, for exploiting vulnerabilities.
[ Load more ]