Abyss Locker Ransomware - Updated Profile
We originally wanted to cover this locker in 2023 but were unable to acquire samples from the community. This profile reflects the currently available information as a resource as an update.
161 reports
We originally wanted to cover this locker in 2023 but were unable to acquire samples from the community. This profile reflects the currently available information as a resource as an update.
Short title: SANDWORM_MODE npm worm (CI secret theft + MCP poisoning) npm supply chain attack, SANDWORM_MODE, typosquatting, GitHub Actions compromise, CI secret exfiltration, MCP server…
Targeted 2024 intrusions against high-profile TeamT5 customers, later surfaced via CISA KEV listing.
Summary: Symantec links Lazarus tooling to Medusa RaaS extortion activity observed in the Middle East and against a U.S. healthcare target.
Operational profile of the Black Basta ransomware ecosystem (2022–2026) Black Basta, BASTA, ransomware, RaaS, double extortion, UNC4393, Storm-1811, QakBot, DarkGate, Quick Assist, vishing, MITRE…
APT42 is an Iran-aligned cyber espionage and surveillance actor assessed by multiple vendors as state-sponsored. Mandiant assesses with high confidence that APT42 conducts information collection…
Peaklight malware deep dive, peaklight, emmenhtal, in-memory malware, lnk, mshta, powershell, bunnycdn, webdav, cryptbot, lumma, shadowladder, hijackloader, threat hunting, incident response,…
Tags: Payload ransomware, data broker extortion, double extortion, Tor leak site, ESXi ransomware, RECOVERY-xx0001.txt, IOCs, incident response
APT33, Elfin, Peach Sandstorm, HOLMIUM, Refined Kitten, Iran, aerospace, energy, petrochemical, spearphishing, password spraying, Outlook Home Page, Ruler, TurnedUp, DropShot, ShapeShift, StoneDrill
CISA has now flagged CVE-2026-1731 —a critical, pre-authentication remote code execution flaw in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) as being used in ransomware…
Ivanti Endpoint Manager Mobile (EPMM) sits in a uniquely privileged position: it manages device enrollment, policy enforcement, and app/content distribution across entire mobile fleets. When an…
Publish date: 21 February 2026 Category: Threat Intelligence / Defense Evasion / Endpoint Security Tags: EDR, XDR, ransomware, defense evasion, BYOVD, Windows drivers, tamper protection, detection…