The Daixin group has been targeting healthcare organizations with double extortion ransomware attacks, U.S. government agencies warned.
Threat actors are using customized exfiltration tools in hopes of increasing the speed for their ransomware attacks.
Researchers said the attack kill chain is the first time they observed Brute Ratel being used as a second-stage payload via a Qakbot infection.
The Noberus ransomware (also known as BlackCat and ALPHV) has received a major update, and affiliates deploying it have also evolved their tactics.
The Iranian state-backed actors who attacked the Albanian government targeted an old SharePOint vulnerability for initial access.