Threat Actor

ANZ Organizations Are in the Ransomware Crosshairs— What the Dark Web Is Telling Us

2026-04-28 at 14:02 By Ashish Khaitan

The conversation around ANZ ransomware threats has shifted noticeably over the past year. What once looked like sporadic, high-profile incidents has evolved into a sustained and structured campaign against organizations across Australia and New Zealand. Signals emerging from underground forums […]


China’s APT41 and the Expanding Enterprise Attack Surface: What Security Teams Must Prepare For

2026-03-27 at 16:01 By Ashish Khaitan

The modern enterprise attack surface is no longer confined to corporate networks and endpoints; it now stretches across cloud workloads, supply chains, remote devices, and even operational technology environments. Within this fragmented landscape, the activities


India’s Evolving Cyber Threat Landscape: State-Sponsored Attacks, Hacktivism, and What’s Next in 2026

2026-03-24 at 12:32 By Ashish Khaitan

The India cyber threat landscape 2026 is no longer defined by isolated incidents or opportunistic attacks. It has become a dynamic, constantly shifting battleground shaped by geopolitical tensions, rapid digitization, and highly advanced hackers. What once looked like sporadic cybercrime


Ransomware Attacks Have Surged 30% Since Q4 2025

2026-02-04 at 14:51 By Ashish Khaitan

Ransomware groups claimed more than 2,000 attacks in the last three months of 2025 – and they’re starting 2026 at the same elevated pace. Cyble recorded 2,018 claimed attacks by ransomware groups in the fourth quarter of 2025, an average of just under 673 a month. The threat groups maintained that pace in January 2026, claiming 679 ransomware victims. By comparison, in


Initial Access Sales Accelerated Across Australia and New Zealand in 2025

2026-01-08 at 15:07 By Ashish Khaitan

The cyber threat environment in Australia and New Zealand experienced a new escalation throughout 2025, driven by a surge in initial access sales, ransomware operations, and high-impact data breaches. According to our Threat Landscape Report Australia and New Zealand 2025, threat activity observed between January and November 2025 reveals a


Russia, Ukraine, China, and More: The Nations at the Center of the Cybercrime Epidemic 

2024-12-27 at 12:48 By Ashish Khaitan

Overview: Cyberattacks on a country’s critical infrastructure have become a growing malicious trend globally. The surge in cybercrime threats and its growing impact on national security, businesses, and individuals has led experts to closely examine


Top 10 Industries Targeted by Threat Actors in 2024 

2024-12-19 at 13:20 By Ashish Khaitan

As cyber threats continue to evolve, threat actors are refining their techniques and focusing on industries that hold valuable information or play critical roles in society. From ransomware attacks paralyzing operations to data breaches compromising millions of individuals, no sector


The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government

2024-09-04 at 17:01 By Cyble

Overview: Cyble Research and Intelligence Lab (CRIL) has recently discovered a campaign involving malicious ISO files, targeting political figures and government officials within Malaysia. The initial infection vector for this campaign is unclear. The ISO file is crafted with


FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group

2024-09-04 at 16:46 By Cyble

Overview: The Citrine Sleet threat actor group was observed by Microsoft researchers exploiting the CVE-2024-7971 zero-day vulnerability in the V8 JavaScript and WebAssembly engine, which affects versions of Chromium prior to 128.0.6613.84. By exploiting this vulnerability, the


TA-FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group

2024-09-04 at 11:16 By Cyble

Overview: The Citrine Sleet threat actor group was observed by Microsoft researchers exploiting the CVE-2024-7971 zero-day vulnerability in the V8 JavaScript and WebAssembly engine, which affects versions of Chromium prior to 128.0.6613.84. By exploiting this vulnerability, the


New Cheana Stealer Targets VPN Users Across Multiple Operating Systems

2024-08-22 at 19:46 By Cyble

Overview: Threat actors (TAs) predominantly rely on phishing websites as a method to distribute malware. A key tactic involves impersonating well-known brands, especially those associated with essential or security-related applications, to enhance the credibility of their campaigns. They


Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files to Target 110,000 Domains

2024-08-20 at 19:33 By Cyble

Overview: An extortion campaign targeted more than 100,000 domains by using misconfigured AWS environment variable files (.env files) to ransom data stored in S3 containers. The sophisticated campaign employed automation techniques and extensive knowledge of


Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation

2024-07-20 at 19:46 By dakshsharma16

On July 19th, 2024, CrowdStrike, a leading cybersecurity provider of advanced end-point security detection and protection solutions, released a sensor configuration update to Windows systems. This update contained a logic error that resulted in system crashes and Blue


Threat Actor profile: SideCopy 

2024-04-29 at 16:01 By rohansinhacyblecom

Since early 2019, Operation SideCopy has remained active, exclusively targeting Indian defense forces and armed forces personnel. The malware modules associated with this Threat Actor are continually evolving, with updated versions released following reconnaissance of victim data. Threat Actors behind Operation SideCopy closely monitor malware detections


Threat Actor Profile: TransparentTribe

2024-04-19 at 07:46 By neetha871ad236bd

TransparentTribe primarily targets Indian government organizations, military personnel, and defense contractors. Its objective is usually to gather sensitive information, conduct cyber espionage, and compromise the security of its targets. TransparentTribe is known to have exploited various platforms, including Windows and Android, in their endeavours. The threat


New Enchant Android Malware Targeting Chinese Cryptocurrency Users

23/10/2023 at 14:01 By cybleinc

Cyble Research and Intelligence Labs analyzes a new Android malware “Enchant” targeting cryptocurrency users in China.


Exela Stealer Spotted Targeting Social Media Giants

26/09/2023 at 16:31 By cybleinc

Cyble Research and Intelligence Labs analyzes the latest version of Exela Stealer, observed targeting social media and gaming platforms.


Low-profile Threat Actor observed imitating NoEscape Ransomware

14/09/2023 at 20:17 By cybleinc

Cyble Research and Intelligence Labs uncovers a possible crafty imitator of the infamous NoEscape Ransomware.


Threat Actors orchestrate cyber-attacks on vulnerable Ivanti products

14/09/2023 at 20:17 By cybleinc

Cyble Global Sensor Intelligence Networks observes exploitation of Ivanti vulnerabilities.


LockBit 2.0 Ransomware Resurfaces

07/06/2023 at 15:15 By cybleinc

Cyble analyzes LockBit Ransomware, which is distributed via malicious documents, specifically targeting users in Korea.

