A ransomware activity wave using the SocGholish MaaS framework for initial access has also affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.

March 17, 2025 By Elizabeth Montalbano
The RansomHub cybercriminal group has teamed with the threat actor behind the FakeUpdates malware-as-a-service (MaaS) framework to deliver its ransomware, in a wave of attacks against US government organizations.
In threat activity tracked as "Water Scylla" by researchers at Trend Micro, SocGholish, the actor responsible for FakeUpdates, is delivering the ransomware in a complex, multiple-stage attack involving several threat groups, according to a recent blog post.
The attack "involves compromised websites, collaboration with threat actors operating malicious Keitaro TDS instances, SocGholish payload delivery, and post-compromise activity that leads to RansomHub," Trend Micro researchers revealed in the post.