In-depth analysis of the alleged Qilin, DragonForce and LockBit alliance

Disclaimer: On December 5, 2025, LockBit resurfaced with a newly branded Data Leak Site named after the latest version of its encryption tool. Although this report relies on data collected between January 1 and November 30, 2025, the CTI Team reviewed all posts published on the new LockBit DLS up to December 11, 2025. Findings indicate that approximately 55% of the...

Hamburglars

Episode 1 – The Trigger: The investigation, dubbed "Hamburglars", originated from an incident response activity and a targeted deep-dive conducted by the Cyber Threat Intelligence Team. An Italian company operating in the food service sector had reported anomalies in its systems: an ongoing brute-force attack targeting its customer area. At first, the case appeared to be a typical cyberattack. However, further analysis quickly...

Red Teaming & Jazz: Creativity as a Service

Foreword: I had been missing on this blog for a bit and I told myself it was time to go back to writing something. If in the previous article (here is the link) I wanted to make a sort of small professional contribution to the sector, in this case it is a further customization...

Elons (Proxima/Black Shadow related) ransomware attack via Oracle DBS External Jobs

Premise: As Yarix’s Incident Response Team, our responsibilities are to manage critical issues related to cyber-attacks carried out by cybercriminals, intervening promptly in order to guarantee security to victim companies and to minimize latent risks, analyzing the systems within their infrastructures and indicating precise remediation actions capable of re-establishing a state of security sufficient for normal operational recovery. In the course of...