Insights

Insights from the front line of cyber defense

Research, detection engineering notes, and incident response lessons.

Kettering Health crippled by ransomware: 14 hospitals on emergency reroute

On May 20, 2025, Kettering Health, a major healthcare network based in Ohio, experienced a ransomware attack that severely disrupted its operations. As a result, all 14 hospitals in the system were placed on emergency reroute. This meant ambulances were redirected, and staff had to switch to manual processes because digital systems—including electronic health records, internal messaging, and coordination platforms—became unavailable.


Pro-Russian Cyber Activity: Hybrid Threats and the UK Response

Russia’s cyber strategy increasingly relies on hybrid operations: coordinated campaigns that combine cyber attacks, disinformation, and political subversion. Since the invasion of Ukraine in 2022, the Kremlin and its supporters have amplified a new wave of cyber threats, using state-aligned groups, criminal proxies, and nationalist hacktivist collectives to target institutions across Europe.


Donation-Based Ransomware Groups

In the constantly evolving world of ransomware, a new and unusual variation has emerged. Rather than demanding cryptocurrency payments, certain threat actors are now instructing victims to make donations to charity in exchange for decryption keys or promises not to publish stolen data. These so-called donation-model ransomware groups present themselves as ideologically driven, often citing anti-corporate motives or positioning their activity as a form of digital protest.


DBS Data Breach 2025: Ransomware Attack Exposes 11,000 Customers

In April 2025, the DBS data breach 2025 shocked the financial world, exposing the personal data of over 11,000 customers from DBS Bank and Bank of China (BOC) Singapore. The breach wasn’t a direct attack on the banks themselves, but rather a supply chain attack via their third-party IT vendor, Toppan Next Tech (TNT). This incident serves as a wake-up call about the vulnerabilities that come with relying on external vendors for critical services and data management.


Emerging Ransomware Threats and Securing Open-Source Email Infrastructure

Ransomware continues to evolve. While well-known groups like LockBit, Cl0p, and BlackCat dominate the headlines with high-profile attacks, a new wave of emerging ransomware groups is turning its attention to less defended systems—particularly open-source email platforms. These actors are exploiting vulnerabilities in software such as Zimbra Collaboration Suite, often with a focus on data theft, extortion, and reputation damage rather than system encryption.


The Quiet Breach: Understanding and Responding to Low-Volume Data Leak Actors

The ransomware landscape is evolving. While high-profile attacks involving system-wide encryption and operational disruption continue to dominate headlines, a quieter breed of threat actor is gaining traction. These groups do not encrypt files, deploy malware, or demand immediate ransom. Instead, they rely on simple intrusions, slow data exfiltration, and carefully timed leaks of stolen data to apply pressure.


Detection Advisory: ProjectRelic and Low-Noise Threat Actors in the UK and EU

This advisory focuses on ProjectRelic, a stealth-oriented cyber threat group active across the UK and Europe, and other associated low-noise actors targeting research institutions and local government bodies. These groups typically avoid encryption-based attacks, instead favouring credential harvesting, passive data theft, and long-term access.


Everest Group Alleged to have hit Kaefer

On 8 May 2025 at approximately 05:49 BST, the Everest Ransomware Group purportedly claimed responsibility for a cyber-intrusion against Kaefer, one of the world’s leading industrial insulation and access specialists. According to the group’s online communiqué, stolen materials include internal correspondence, project documentation and support tickets drawn directly from Kaefer’s Freshdesk customer-service platform.
