XVigil identified a suspicious domain that was sending phishing emails to the vendors of a real estate entity. A deep-dive analysis of the domain exposed a full-fledged campaign, where the threat actors were impersonating the Ministry of Human Resources of the UAE government.
The CloudSEK team has identified Stormous ransomware campaigns targeting multiple organizations globally. The threat group is financially motivated, and its latest chain of attacks has been directed at Indian entities as well.
CloudSEK’s contextual AI digital risk platform XVigil discovered a financially motivated ransomware group, dubbed BlueSky, speculated to be connected to the Conti ransomware group.
XVigil identified a post on a Telegram channel where the hacktivist group DragonForce Malaysia has shared an exploit for CVE-2022-26134 to actively target and exploit Indian entities.
XVigil has identified an info stealer malware named YTStealer targeting YouTube creators and stealing authentication cookies. The stealer enables an attacker to gain access to control, modify, and monetize the accounts.
XVigil discovered a threat actor advertising search engine optimization (SEO) and website ranking services under the name ‘Shadow SEO’ on a cybercrime forum.
XVigil discovered a new operation named #OpBRICS launched by the threat actor group Your Data is Ours (YDIO) against the following five major emerging economies: