The cybercrime group known as SEXi ransomware, now operating as APT Inc., has been targeting organizations since February. They use a leaked Babuk encryptor for VMware ESXi servers and LockBit 3 encryptor for Windows servers.

Phishing campaigns are utilizing three different URL protection services to disguise phishing URLs and trick victims into giving up their credentials. These attacks have targeted numerous companies already.

The attackers target Turkish businesses with this ransomware campaign, distributing it via email addresses like Kurumsal[.]tasilat[@]internet[.]ru. The malware payload is hosted on a compromised GitHub account.

To ensure victims cannot recover encrypted files easily, the ransomware deletes the Volume Shadow Copy Service (VSS) and makes adjustments to the boot configuration to prevent errors upon restart.

Threat actors rapidly weaponize proof-of-concept exploits in real attacks, often within 22 minutes of their public release, as per Cloudflare’s 2024 Application Security report covering May 2023 to March 2024.

The deployment of BugSleep is a significant development in MuddyWater’s tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware.

By targeting famous brands like tech firms and financial industry players, FIN7 actors deploy redirects, multi-stage phishing campaigns, and impersonate open directories to spread malware.

The malicious ad campaign employed advanced filtering techniques to evade detection and appeared as a top search result for Microsoft Teams. It redirected users through deceptive links despite displaying microsoft.com as its URL.

Vyacheslav Igorevich Penchukov, a criminal who used Zeus and IcedID malware to steal millions of dollars from victims, has been sentenced to almost a decade in prison and ordered to pay $73 million in restitution by a Nebraska federal court judge.