Ransomware

Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
Cybersecurity
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
TheGentlemen ransomware posted 20 new victims across 14 countries, including Croatia's Health Ministry and Denmark's National Museum, using double extortion.
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Triple extortion ransomware attacks combine encryption, data theft, and DDoS pressure to coerce payment from multiple angles. This guide explains the full attack lifecycle, real-world ...
Cybersecurity
Europol Dismantles AudiA6 Crypto Laundering Service
Europol dismantled AudiA6, a cryptocurrency laundering service that processed over $380 million in ransomware extortion proceeds for criminal networks.
Cybersecurity
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Cybersecurity
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag tool, complicating attribution.
Cybersecurity
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
WorldLeaks, the rebranded Hunters International group, posted three new victims: Tata Electronics, First Federal Savings & Loan, and India's Reliance Group.

Threat actors