Wow, RedCurl is apparently dabbling in ransomware now? Seriously unexpected, right? I always had them pegged as the data theft specialists. The ransomware they're using is reportedly called QWCrypt.

It just goes to show you – even established APT groups aren't afraid to switch up their playbook. Let's face it, ransomware has become incredibly profitable, hasn't it?

This really drives home why robust security measures are absolutely non-negotiable. We're talking about consistent employee training, staying on top of patching, and, crucially, conducting *actual* penetration tests. And just to be crystal clear: automated scans are helpful, sure, but they simply aren't a substitute for a thorough, real-deal pentest!

So, what about you? Have you seen other threat actors making similar surprising shifts in their strategies lately? I'd love to hear what you've observed. Share your thoughts below!

Russian Espionage Group Using Ransomware in Attacks – Source: www.securityweek.com https://ciso2ciso.com/russian-espionage-group-using-ransomware-in-attacks-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #securityweekcom #securityweek #Cybercrime #ransomware #espionage #QWCrypt #redcurl

RedCurl Uses New QWCrypt Ransomware in Hypervisor Attacks – Source:hackread.com https://ciso2ciso.com/redcurl-uses-new-qwcrypt-ransomware-in-hypervisor-attacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #CyberAttack #CyberCrime #EarthKapre #Hypervisor #Ransomware #Hackread #security #QWCrypt #RedWolf #RedCurl #LOTL

RedCurl Uses New QWCrypt Ransomware in Hypervisor Attacks https://hackread.com/redcurl-uses-qwcrypt-ransomware-hypervisor-attacks/ #Cybersecurity #CyberAttacks #CyberAttack #CyberCrime #EarthKapre #Hypervisor #Ransomware #Security #QWCrypt #RedWolf #RedCurl #LOTL

RedCurl's Ransomware Debut: A Technical Deep Dive
#RedCurl
https://www.bitdefender.com/en-us/blog/businessinsights/redcurl-qwcrypt-ransomware-technical-deep-dive

NEW: The mysterious #RedCurl group, known for targeting the US, Russia and Western Europe, is now deploying new #QWCrypt ransomware in hypervisor attacks.

Read: https://hackread.com/redcurl-uses-qwcrypt-ransomware-hypervisor-attacks/

Russian Espionage Group Using Ransomware in Attacks https://www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/ #Cybercrime #ransomware #espionage #QWCrypt #RedCurl

Russian Espionage Group Using Ransomware in Attacks https://www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/ #Cybercrime #ransomware #espionage #QWCrypt #RedCurl

#RedCurl cyberspies create #ransomware to encrypt #HyperV servers

https://www.bleepingcomputer.com/news/security/redcurl-cyberspies-create-ransomware-to-encrypt-hyper-v-servers/

Hey #CyberSecurity pros! Ready to dive into the latest threats and breaches making headlines?

Our latest blog post is packed with need-to-know info to keep you ahead of the curve.

https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/

Here's a quick rundown of what's inside:

FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!

RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.

StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers.!

NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.

NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.

Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!

Atlantis AIO Automates Credential Stuffing: This new platform automates credential stuffing attacks against 140 online services. Stay vigilant against brute force attacks!

Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!

UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.

Ready for the full scoop? Read the full blog post here https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/

RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment – Source:thehackernews.com https://ciso2ciso.com/redcurl-shifts-from-espionage-to-ransomware-with-first-ever-qwcrypt-deployment-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #redcurl

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader – Source: socprime.com https://ciso2ciso.com/redcurl-earthkapre-apt-attack-detection-a-sophisticated-cyber-espionage-group-uses-a-legitimate-adobe-executable-to-deploy-a-loader-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Latestthreats #socprimecom #earthkapre #socprime #redcurl #Blog #APT