Автор: Kristina Beek, Associate Editor, Dark Reading

Law enforcement discovered admin credentials on the suspect’s computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.

Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it’s being used once more for another botnet campaign with its own malware.

Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.

Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.

Clandestine kill switch was designed to lock out other users if the developer’s account in the company’s Windows Active Directory was ever disabled.

The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.

The pair found a loophole through StubHub’s services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.