#babuk

2025-11-08

📢 Midnight, heir to Babuk: technical analysis and decryption guide
📝 According to a technical blog post published on November 8, 2025, the article explores the "Midnight" ransomware strain in depth.
📖 cyberveille: cyberveille.ch/posts/2025-11-0
🌐 source: gendigital.com/blog/insights/r
#Babuk #IOC #Cyberveille

2025-10-14

🚨 Velociraptor DFIR exploited in LockBit ransomware attacks.

Huntress and Cisco Talos link Storm-2603 to a new campaign abusing outdated Velociraptor builds for privilege escalation, lateral movement, and ransomware deployment.

The crew reportedly used SharePoint exploits (ToolShell) and domain admin creation before dropping LockBit, Warlock, and Babuk payloads.

💬 Are open-source DFIR tools the next frontier for living-off-the-land tactics?

Full Details:
technadu.com/qantas-customer-d

Follow TechNadu for more cutting-edge cyber threat intelligence.

#CyberSecurity #DFIR #Velociraptor #Ransomware #LockBit #Warlock #Babuk #ThreatIntel #Storm2603 #Infosec #IncidentResponse #ThreatHunting #TechNadu #CyberAwareness

Qantas Customer Data Was Published After the July Cyber Breach, Impacting 5 Million People

2025-10-11

🚨 Velociraptor DFIR exploited in LockBit ransomware attacks.

Huntress and Cisco Talos link Storm-2603 to a new campaign abusing outdated Velociraptor builds for privilege escalation, lateral movement, and ransomware deployment.

The crew reportedly used SharePoint exploits (ToolShell) and domain admin creation before dropping LockBit, Warlock, and Babuk payloads.

💬 Are open-source DFIR tools the next frontier for living-off-the-land tactics?

Follow @technadu for more cutting-edge cyber threat intelligence.

#CyberSecurity #DFIR #Velociraptor #Ransomware #LockBit #Warlock #Babuk #ThreatIntel #Storm2603 #Infosec #IncidentResponse #ThreatHunting #TechNadu #CyberAwareness

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

2025-10-09

They’re turning the tables—hackers are hijacking Velociraptor (a tool meant to catch them) to launch sneaky ransomware and double-extortion attacks. Just when you thought defenders had it all figured out, the game has changed.

thedefendopsdiaries.com/attack

#velociraptor
#ransomware
#dfir
#cve20256264
#cybersecurity
#threatactors
#doubleextortion
#infosec
#lockbit
#babuk

2025-04-06

HellCat strongly defended the authorship of the attacks, avoiding any ambiguity in credit distribution among its members.
"Am I supposed to prove my attacks? If so, just wait for the deadline to end and download the data—nothing more. We already have a profile."

suspectfile.com/hellcat-rey-an

#HellCat #Rey #Babuk #Orange #Infosec #Data_Breach #Ransomware #Lies

2025-04-04

On its darknet website, the Babuk ransomware group announced that it has allegedly stolen around 750 GB of data as well as e-mail credentials from #Rheinmetall Defence. In total, this is said to amount to 1400 files. According to #Babuk, the stolen data includes military contracts, e-mails, the company's business transactions, details and images of products, and much other information.

More information and screenshots are available here:
teufelswerk.net/die-babuk-rans

2025-04-04

The Babuk ransomware group (babuk-bjorka) announced today on its darknet website that it has hacked Rheinmetall Defence (rheinmetall.com).

#babuk #babukbjorka #ransomware #ransom #rheinmetall #gehackt #hack #hacker #rheinmetalldefence #cybersecurity #itsicherheit #leaksdata #datenschutz #militar

Screenshot of the Babuk ransomware group's darknet website, showing the entry "rheinmetall.com (Rheinmetall Defence)" dated 04.04.2025 under the heading "Leaks Data".

2025-04-03

New post from #Babuk-Bjorka : Rheinmetall.Com (Rheinmetall Defence)
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Secret Plans Of Indian Army
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Bangladesh Armed Forces (Bangladesh Army)
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Saudi Arabian Military And Government Internal Center
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Hellenic Airforce
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Turkish Defense Military
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Gangotreehomes.Com (Realestate)
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Iran Gas Service System
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Kfar Hatta Medical Center - Lebanon
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Zalora.Sg (Singapore Shopping)
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Polizia Italia Mail Access
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-03

New post from #Babuk-Bjorka : Ezbuy.Sg (Singapore Shopping)
More at : ransomlook.io/group/Babuk-Bjor #Ransomware

2025-04-02

New post from #Babuk-Bjorka : Dardoc.Com
More at : ransomlook.io/group/Babuk-Bjor #Ransomware
