The attackers target Turkish businesses with this ransomware campaign, distributing it via email addresses like Kurumsal[.]tasilat[@]internet[.]ru. The malware payload is hosted on a compromised GitHub account.

To ensure victims cannot recover encrypted files easily, the ransomware deletes the Volume Shadow Copy Service (VSS) and makes adjustments to the boot configuration to prevent errors upon restart.

Threat actors rapidly weaponize proof-of-concept exploits in real attacks, often within 22 minutes of their public release, as per Cloudflare’s 2024 Application Security report covering May 2023 to March 2024.

The deployment of BugSleep is a significant development in MuddyWater’s tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware.

By targeting famous brands like tech firms and financial industry players, FIN7 actors deploy redirects, multi-stage phishing campaigns, and impersonate open directories to spread malware.

The malicious ad campaign employed advanced filtering techniques to evade detection and appeared as a top search result for Microsoft Teams. It redirected users through deceptive links despite displaying microsoft.com as its URL.

Vyacheslav Igorevich Penchukov, a criminal who used Zeus and IcedID malware to steal millions of dollars from victims, has been sentenced to almost a decade in prison and ordered to pay $73 million in restitution by a Nebraska federal court judge.

Netgear released firmware patches to fix stored XSS and authentication bypass flaws in the XR1000 Nighthawk gaming router and CAX30 Nighthawk AX6 6-Stream cable modem routers, respectively.