⚠️New blog post: #BlackReward has leaked confidential data from the #Iranian #Nuclear Power Production and Development (#NPPD). In the documents it's shown a link between Moscow and Teheran. #leak #russia #iran blog.cluster25.duskrise.com/2022/11/07/ira…

#noname(057)16 has DDoSed the website of the italian Ministry of Agricolture #ministerodellagricoltura. Cluster25 analyzed the tool used by the Russian speaking group called DDOSIA Project. Total number of users: 726, main server on 109.107.181.130 and geolocated in Russia.

⚠️We analyzed a highly evasive #infostealer spread across #Italian entities in early Dec. 2022. The attacker used several level of obfuscation and packing techniques to hinder and make analysis more difficult. Happy reading 👇 blog.cluster25.duskrise.com/2022/12/22/an-…

Alessandria Hospital in Italy has allegedly been breached with samples provided by Ragnar Locker. Azienda Ospendaliera di Alessandria /ospendale.al.it Cluster25 #cybersecurity #infosec #RagnarLocker

Another year has passed tracking #cybercriminals. This year has been particularly intense from a #cyber point of view also due to the conflict between Russia and Ukraine. We are pleased to share an infographic about the activities conducted by the Cluster25 team in the year 2022.

Newly registered domain belonging to #Gamaredon #APT #infrastructure secureurl[.]shop

LockBit posts Cantina Tollo winery collective in Italy. Alan I suggest the Montepulciano d’Abruzzo which pairs well with hacking. /cantinatollo.it Allan “Ransomware Sommelier🍷” Liska #cybersecurity Cluster25 Agenzia Nova #cybersecurity #infosec #lockbit

Cluster25 joined the VirusTotal community! Starting from March 2023, part of our intelligence data will be shared with this amazing community, allowing users to get insights about suspicious IPs, domains, and URLs. Enjoy our public #Intelligence! blog.cluster25.duskrise.com/2023/03/16/c25…

The #chemical sector is definitely considered a critical infrastructure with #strategic goals, so it's a very attractive target for #threat actors. Check out our overview about the #cyber #risks of the chemical sector! blog.cluster25.duskrise.com/2023/04/12/cyb…

Cluster25 has become partner of dns0.eu project! Starting April 27, 2023, Cluster25 started sharing its #APT, #Phishing / #Fraud and #Malware indicators with DNS0 in order to further raise the #security levels of its users. blog.cluster25.duskrise.com/2023/05/02/c25…

#BlackByte and his #ransomware continue operating all around the world, we dissected the latest version of this famous ransomware. Here the #Ida #Python script we used: github.com/Microv/BlackBy… Here the report: blog.cluster25.duskrise.com/2023/05/22/bac… Hoping this helps the community!

🚨Beware of #BEC #attacks! Here, we are reporting a recent, well-prepared #fraud campaign involving the names of existing non-profit foundations as bait. Read more on: blog.cluster25.duskrise.com/2023/08/25/the… #cybersecurity #scam

We are happy to announce that #Cluster25 is now integrated with #OpenCTI through a dedicated connector. OpenCTI connectors are a crucial components to enable organizations to easily ingest, enrich and/or export data. github.com/OpenCTI-Platfo…

🚨 Cluster25 has uncovered phishing attacks likely linked to a pro-Russia nation-State adversary. These attacks, conducted in the context of the RU-UA conflict zone, leverage a recently discovered vulnerability (CVE-2023-38831) affecting WinRAR. Read more: blog.cluster25.duskrise.com/2023/10/12/cve…

🚨A seemingly legitimate #LinkedIn profile contacts you via direct message and offers you a job, sending a PDF file. This is the beginning of a bad story that leads to #DUCKTAIL infection. Read more on: blog.cluster25.duskrise.com/2023/10/25/the…

🚨Cluster25 investigated a possible #APT campaign targeting #Russian dissidents. Using different lures, the #attacks aimed at organizations and citizens, leveraging a #reverseshell. Read more on: blog.cluster25.duskrise.com/2024/01/30/rus…