GuidePoint Security identified a threat actor using a Python-based backdoor to persistently access breached endpoints and release RansomHub encryptors across compromised networks. The backdoor was first documented by ReliaQuest in February 2024, with GuidePoint noting updates in a later version. The Python backdoor forms a cornerstone of the command-and-control infrastructure, facilitating strong lateral movement and indicating a high coding proficiency or AI-assisted coding. Ransomware affiliates continue to exploit such backdoors.
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine
One of the world’s most ruthless and advanced hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyberattacks in the country’s ongoing war
