Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We're thrilled to share some big news; Rubrik Security Cloud - Government has officially achieved FedRAMP Moderate authorization! What does this mean for your agency and the citizens you serve? Well, it's a significant milestone that reinforces our commitment to protect your data and deliver cyber resilience in accordance with top-tier federal cybersecurity standards.

In December 2024, Arctic Wolf Labs observed a mass exploitation campaign involving Cleo Managed File Transfer (MFT) products for initial access. The execution chain involved an obfuscated PowerShell stager, a Java loader, and ultimately a Java-based backdoor, which we will refer to as Cleopatra. In this article we will provide insight into the execution chain in this campaign, obfuscated malicious payloads deployed, and surrounding threat intelligence context around these activities.

Did you know that 59% of organizations have been hit by ransomware, with Active Directory (AD) often being the primary target for attackers seeking credential theft and privilege escalation? With AD being basically the heart of enterprise IT from the permissions management and granting view, these ransomware threats automatically go against it and hence protecting them is pretty much important so to keep the organization safe.

MacOS, often regarded for its robust security measures, has increasingly become a target for sophisticated cyber threats. Among the latest examples is Banshee Stealer, a malware engineered to compromise macOS systems by extracting sensitive user information. Developed by Russian cybercriminals and offered at a premium subscription fee of $3,000 per month, this malware underscores the growing attention of threat actors toward macOS platforms.

Another week, another extortion group data-leak site emerges. Cyjax has continued to observe the emergence of data-leak sites (DLSs) for extortion and ransomware groups. New groups FunkSec, ContFR, Argonauts, Kairos, Chort, and Termite appeared in December and November 2024 alone, bringing this year’s total up to 69. On 11 December 2024, Cyjax identified the emergence of a Tor-based DLS belonging to a new data-leak extortion group going by the name ’Bluebox’.

Malware, short for malicious software, refers to any software specifically designed to harm, exploit, or otherwise compromise a device, network, or user data. In today’s digital age, malware attacks have become a persistent threat, targeting individuals, businesses, and even governments.

3AM (also known as ThreeAM) is a ransomware group that first emerged in late 2023. Like other ransomware threats, 3AM exfiltrates victims' data (threatening to release it publicly unless a ransom is paid) and encrypts the copies left on targeted organisations' computer systems.