[RADIANT] - Ransomware Victim: Spijkermat - https://www.redpacketsecurity.com/radiant-ransomware-victim-spijkermat/

#radiant #dark_web #data_breach #OSINT #ransomware #threatintel #tor

Ransomware Attacks Demystified A Practical Guide for 2025 - https://www.redpacketsecurity.com/ransomware-attacks-demystified-a-practical-guide-for/

#Ransomware_attacks #CyberSecurity #OSINT #Cyber

New, by me: Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

I included a section at the end mentioning that the latest Aisuru botnet code apparently tells infected systems to check in at the host fuckbriankrebs[.]com. When I heard this, I wondered what its use might be other than to just say what the domain says. But we also noticed the domain was unregistered....

Happily, the domain name was deftly snatched up last week by Philippe Caturegli, “chief hacking officer” for the security intelligence company Seralys.

Caturegli enabled a passive DNS server on that domain and within a few hours received more than 700,000 requests for unique subdomains on fuckbriankrebs[.]com.

But even with that visibility into Aisuru, it is difficult to use this domain check-in feature to measure its true size, Brundage said. After all, he said, the systems that are phoning home to the domain are only a small portion of the overall botnet.

“The bots are hardcoded to just spam lookups on the subdomains,” he said. “So anytime an infection occurs or it runs in the background, it will do one of those DNS queries.”

Read more:
https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/

Red Hat has revealed they were victim of a data breach

Timeline: The attack happened approximately 2 weeks ago

Impact: 570 GB of data was stolen from one of Red Hat Consulting division's GitLab instances, including some sensitive customer internal infrastructure info from big companies

Attacker: The Crimson Collective extortion group has claimed responsibility

Remediation:
- Breach notifications to be sent to affected customers

#cybersecurity #databreach #RedHat

https://www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-breach-gitlab-instance/