IP cluster linking ransomware activity and Eye Pyramid C2
#EyePyramid #RansomHub #Rhysida #ViceSociety
https://www.intrinsec.com/wp-content/uploads/2025/04/TLP-CLEAR-IP-cluster-linking-ransomware-activity-and-Eye-Pyramid-C2-EN.pdf
🚨 Vanilla Tempest (Vice Society) strikes again with ransomware attacks on key industries! 🖥️ Critical infrastructure, healthcare systems on high alert... #CyberSecurity #Ransomware #ViceSociety https://www.netsec.news/alert-on-inc-ransomware-attacks-conducted-by-vanilla-tempest-vice-society-threat-group/
Vice Society: The #1 cyberthreat to schools, colleges, and universities
According to a recent Malwarebytes Threat Brief, in the last 12 months, the Vice Society ransomware gang has conducted more known attacks against education targets globally, and in the USA and the UK individually, than any other ransomware group.
https://www.malwarebytes.com/blog/news/2023/06/vice-society #ViceSociety #malware #ransomware #schools
Vice Society #ransomware group added DATALAN (http://datalan.sk) to their victim list.
Happy Monday! The #ViceSociety ransomware gang has been busy and so has the Palo Alto Networks Unit 42 team. They recently discovered that the #ransomware gang created a custom #Powershell script used to exfil data from the victim network and the team conducts a technical breakdown of it! Enjoy and #HappyHunting!
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
#ViceSociety gang is using a custom #PowerShell tool for data exfiltration
https://securityaffairs.com/144898/cyber-crime/vice-society-powershell-tool-exfiltration.html
#securityaffairs #hackingisnotacrime
The BARTPD documents recently dumped by Vice Society contain a 5 page "5150 and Problem Person list" that I haven't seen any reporting on. Is this kind of thing commonplace among transit LEAs? I don't have much experience with this kind of thing in LA. Here's one blurred out page to give you an idea of what they're doing. I'm not linking to the original because it's very invasive.
#BART #BARTPD #BayAreaRapidTransit #ViceSociety #Ransomware #ACAB #5150 #ProblemPersonList #PublicRecords #PoliceAbolition #PoliceSpying
Police uniform invoice from Vice Society's dump of BART PD documents. $1223 for body armor, three shirts, and two pairs of pants.
#BART #BARTPD #BayAreaRapidTransit #ViceSociety #Ransomware #ACAB #BodyArmor #PublicRecords #PoliceAbolition
Vice Society publishes data stolen during Vesuvius ransomware attack https://grahamcluley.com/vice-society-publishes-data-stolen-during-vesuvius-ransomware-attack/ #ViceSociety #Ransomware #databreach #ransomware #Dataloss #Malware
Vice Society publishes data stolen during Vesuvius ransomware attack - A notorious ransomware gang has claimed responsibility for a cyber attack against Vesuviu... https://grahamcluley.com/vice-society-publishes-data-stolen-during-vesuvius-ransomware-attack/ #vicesociety #ransomware #databreach #dataloss #malware
🏴☠️️💰 Yesterday hit another record with 17 #ransomware victims announced by ransomware groups #LockBit (x14) #vicesociety (x2) and #Royal.
🛡️ Stay vigilant and protect your systems.
With #Hive ransomware infrastructure taken down last week and speculation of similar action against #LockBit, which groups will likely take the “top” #RaaS spots in the first part of the year? If you don’t track #ransomware-as-a-service closely, you may not realize how many other groups regularly carry out attacks (or at least claim & extort victims publicly)
Since the takedown on Thursday, five RaaS groups have claimed nearly 30 victims publicly, with LockBit 3.0, #Clop, and #ViceSociety leading the pack. In our ransomware landscape briefing last week, a participant asked which group concerned us most into the new year. My answer is “most” seen in the slide here (but if I had to narrow, I choose LockBit in the short-term, and Vice Society in the medium/longer term)
Last week I argued that many, if not most, of the “top” groups (measured quickly by last year’s victim count) should be on most security teams’ radars. While there are some notable trends in victim sectors, like a relative increase in attacks on public services organizations, in general most of the leading groups are associated with a broad range of victim verticals (a similar trend holds for victim size too – a relative rise in mid-sized organizations, but still a notable number of large enterprises like in years past)
Rather than burn resources trying to track each new victim associated with each group every day, there is value in identifying top common tactics, techniques, & procedures among groups with generally similar motivations & victim patterns, and focusing response drills, defensive reinforcements, log source & detection tuning, and, where resources allow, unit testing or adversary simulation or emulation around that subset of TTPs
Our living matrix of top ransom & extortion group #TTPs is found here, covering nearly 30 groups and 175 techniques, although the cluster of top common ones is much smaller. Click the labels in the ribbon at the top to see source references for every mapping and procedural details for many: https://app.tidalcyber.com/share/9a0fd4e6-1daf-4f98-a91d-b73003eb2d6a
You can also catch the recording of last week’s session and slides with this and similar metrics & graphics on-demand here: https://www.brighttalk.com/webcast/19703/570527
Yep… I know what it's like to have a half-broken infrastructure to rebuild and to overhaul security from top to bottom.
"Attack with #malware - #data from the University of Duisburg-Essen has surfaced on the #darknet"
"After #hackers had initially paralyzed .. systems of the university .., they are increasing .. pressure + putting stolen data online. But .. university does not want to pay a #ransom."
".. behind the attack is the hacker group »#ViceSociety«."
".. university was the target of a ..attack twice within a few weeks .."
#Datensicherheit #Datenschutz #Cybersecurity #UDE
17.1.2023
🏴☠️💰 Record broken on January 16 with 12 #ransomware victims announced from #Hive #Blackbyte #Royal (x2) #ViceSociety #lockbit3 (x5) #Mallox and #Play groups
🔗 Source : https://www.ransomware.live
Ransomware: Data from the University of Duisburg-Essen on the darknet, University of Innsbruck attacked
The data from the cyberattack on the University of Duisburg-Essen has been published on the darknet. Meanwhile, the University of Innsbruck fended off an attack over the weekend.
#CyberAngriff #Cyberangriff #Cybercrime #Cybergang #Datenklau #Ransomware #Security #ViceSociety
"Hamburg university is being extorted"
"The hacker group "#ViceSociety" has claimed responsibility for the cyberattack on #HAW #Hamburg. According to information from the #ARD political magazine #Kontraste, it is threatening to publish stolen #data. US security authorities suspect the attackers are in #Russia."
".. Wi-Fi is switched off, as are most computers - for security reasons. .."
https://www.tagesschau.de/investigativ/rbb/hackernangriff-haw-vice-101.html
13.1.2023
#GBR #cyberattack Pates Grammar School and other schools affected by #ViceSociety #Ransomware. Tracked at @Heimschule76@twitter.com
https://www.bbc.com/news/uk-england-gloucestershire-63637883
Here's a look at which #ransomware leak sites were the most active during the first week of 2023!
1️⃣ #ViceSociety
2️⃣ #PlayRansomware
3️⃣ #Lockbit
🔗 Dashboard Source Code:
https://github.com/colincowie/LeakSiteAnalytics/
ℹ️ Data provided via RansomWatch
Vice Society listed BART on their ransomware blog.
#bart #ransomware #vicesociety