In the eight months since it first appeared on the threat landscape, the threat group operating under the name EncryptHub is believed to have breached 618 organizations through phishing and social engineering campaigns. The group's phishing tactics stand out in that it impersonates various IT support teams to gain the trust of its victims, and it owns dozens of look-alike domains that closely resemble the domains of the remote access tools used by legitimate support teams. After gaining access to a corporate network, EncryptHub has been known to deploy infostealers to gather any accessible data and to execute a range of ransomware variants, potentially through affiliations with groups such as RansomHub and BlackSuit.
Anubis ransomware offers a variety of services
Researchers have been tracking a relatively new ransomware group, Anubis, since late 2024 and have identified that the group offers a multitude of services for monetizing compromised organizations. In addition to the expected ransomware attacks, which give the affiliate the largest cut of any payment made by a victim, Anubis also offers a data ransom service to assist with extorting victims over, and publishing, recently stolen data, though the affiliate's cut is much lower. Finally, Anubis offers an "Access Monetization" service, which pays affiliates for access to newly breached organizations in the Western world that have not been targeted by other ransomware groups within the past year.
LockBit threat actors threaten FBI with major leak
At the beginning of the week, the threat actors behind the notorious LockBit ransomware group issued a message to the newly appointed FBI director, claiming an inevitable leak of highly classified information with the potential to cause significant damage to the agency. The message, which was posted to the group's leak site, instructs Director Kash Patel to contact the group and take delivery of a data trove that allegedly contains information on the agency's shady dealings and operations.
Hacker publishes data trove from French telecom
Over the weekend, a hacker going by the alias 'Rey' published a large data trove exfiltrated from the French telecommunications firm Orange Group. The hacker claimed to have maintained access to Orange's systems for nearly a month before starting the exfiltration, which included employee and customer information, payment card data, and source code. Officials at Orange Group have confirmed that the company was breached and are still investigating the incident, but they do not appear to be entering negotiations with the hacker.
Employment screening firm suffers massive breach
Nearly a year after staff at DISA Global Solutions discovered unauthorized activity on their network, officials have confirmed that the company fell victim to a data breach affecting 3.3 million individuals who were subject to its employment screening services. The breach was identified in April 2024, but the investigation has revealed that the threat actors had access for nearly three months before being detected, raising major concerns over the security procedures DISA had in place, given the sensitivity of the information it gathers and stores.