    Steaelite RAT Bundles Ransomware and Data Theft in Single Web Panel for Double Extortion Attacks

    A dangerous new remote access trojan called Steaelite RAT has emerged on cybercrime forums, offering attackers a unified platform for executing double extortion attacks with unprecedented efficiency. Unlike traditional attack chains that require separate tools for data theft and ransomware deployment, Steaelite consolidates the entire operation into a single browser-based dashboard. Automated Credential Theft on…
    APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks

    Zscaler ThreatLabz has uncovered a sophisticated campaign by North Korean threat group APT37, introducing five new malware tools designed specifically to infiltrate and exfiltrate data from air-gapped systems through weaponized USB drives. Campaign Overview In December 2025, security researchers at Zscaler discovered the Ruby Jumper campaign, orchestrated by APT37 (also known as ScarCruft, Ruby Sleet,…
      UAC-0050 Targets European Financial Institution in Strategic Phishing Campaign

      Russia-aligned threat actor UAC-0050 has expanded operations beyond Ukraine, targeting a European financial institution involved in reconstruction efforts with a sophisticated multi-stage spear-phishing attack. Campaign Overview Security researchers at BlueVoyant have uncovered a targeted phishing campaign attributed to UAC-0050, also known as the DaVinci Group. The threat cluster, tracked by BlueVoyant as “Mercenary Akula,” has…
      Chinese APT Campaign Delivers PlugX RAT via G DATA Antivirus DLL Side-Loading

      A sophisticated Chinese-aligned threat campaign has been observed delivering the PlugX Remote Access Trojan (RAT) through a clever abuse of legitimate G DATA antivirus components, according to new research from LAB52. The Attack Chain The infection begins with a spear-phishing email titled “Meeting Invitation” containing two links — one redirecting to Iceland’s Ministry of Foreign…
      APT37 Deploys Ruby Jumper Campaign to Breach Air-Gapped Networks

      North Korean threat actor APT37 (Reaper) has expanded its arsenal with sophisticated new malware designed to compromise air-gapped networks — systems physically isolated from the internet that organizations use to protect their most sensitive data. Researchers at Zscaler ThreatLabz have uncovered the “Ruby Jumper” campaign, which employs a complex infection chain featuring multiple novel malware…
      DarkCloud Infostealer Emerges as Major Enterprise Threat: $30 Malware Delivers Scalable Credential Theft

      The cybersecurity threat landscape is facing a growing challenge as infostealers continue to dominate the initial access ecosystem in 2026. Among the latest threats drawing serious attention is DarkCloud, a commercially available credential-harvesting malware that proves even low-cost tools can deliver devastating results against enterprise environments. The $30 Threat That Can Compromise Entire Networks DarkCloud…
      Diesel Vortex: Russian Cybercrime Group Steals 1,600+ Credentials From Global Logistics Sector

      A Russian-linked cybercrime group dubbed Diesel Vortex has been systematically targeting the global freight and logistics industry, stealing over 1,600 unique login credentials from users of major logistics platforms in a sophisticated phishing campaign that ran from September 2025 through February 2026. Campaign Overview Security researchers at Have I Been Squatted, in collaboration with Ctrl-Alt-Intel,…
      Cisco Talos Exposes Three-Year Campaign: UAT-8616 Exploits SD-WAN Zero-Day for Critical Infrastructure Access

      Cisco Talos has disclosed the active exploitation of CVE-2026-20127, a critical zero-day vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart), by a highly sophisticated threat actor tracked as UAT-8616. The campaign, which dates back at least three years, targets critical infrastructure sectors through persistent network edge device compromise. The Vulnerability: CVE-2026-20127 The vulnerability allows an…
      North Korean Lazarus Group Adopts Medusa Ransomware in Global Extortion Campaign

      North Korean cyber operations are crossing a significant threshold into commercial ransomware markets, demonstrating an intensified focus on direct financial gains. Recent intelligence from Symantec and Carbon Black Threat Hunter Team reveals the notorious state-backed Lazarus Group has begun deploying Medusa ransomware against targets in the Middle East while simultaneously attempting to breach healthcare organizations…
      APT31’s Multi-Year Cyber Espionage Campaign Against Czech Ministry of Foreign Affairs

      The Czech Republic has publicly attributed a sophisticated multi-year cyber intrusion to Chinese state-sponsored group APT31 (also known as Zirconium or Judgment Panda), marking one of the most significant national attribution cases in European cyber defense history. The Campaign From 2022 through May 2025, APT31 maintained persistent access to unclassified networks at the Czech Ministry…