Cicada3301, a ransomware-as-a-service group, had its affiliate program infiltrated by Group-IB researchers, who subsequently publicized details about the gang’s operations and inner workings. Active since June 2024, the group has attacked 30 victims, primarily in the U.S and U.K. The ransomware shares similarities with the defunct ALPHV/BlackCat ransomware group. Group-IB’s report also highlights Cicada3301’s sophisticated affiliate program, including detailed attack customization and support services.
APT Group Patches termsrv.dll to Enable Multiple RDP Sessions
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll
