Cybercrime

In-depth analysis of the alleged Qilin, DragonForce and LockBit alliance

Disclaimer: On December 5, 2025, LockBit resurfaced with a newly branded Data Leak Site named after the latest version of its encryption tool. Although this report relies on data collected between January 1 and November 30, 2025, the CTI Team reviewed all posts published on the new LockBit DLS up to December 11, 2025. Findings indicate...

Hamburglars

Episode 1 – The Trigger: The investigation, dubbed "Hamburglars", originated from an incident response activity and a targeted deep-dive conducted by the Cyber Threat Intelligence Team. An Italian company operating in the food service sector had reported anomalies in its systems: an ongoing brute-force attack targeting its customer area. At first, the case appeared to be a typical...

BlueDuck: an(other) Infostealer Coveting Digital Marketing Agencies’ Facebook Business Accounts

Introduction: In November 2023, the Yarix Cyber Threat Intelligence team (YCTI) intercepted a set of suspicious phishing emails addressed to digital marketing agencies that were impersonating different famous fashion brands. Through the analysis of these emails, we uncovered the activities of a Vietnamese cybercriminal group distributing a malicious Python-based infostealer, tracked as BlueDuck, aimed to...

Win$ton: a Russian-Speaking Scam Group Targeting Middle-Eastern Customers

Introduction: As the Yarix Cyber Threat Intelligence (YCTI) team, we regularly monitor, track and counter phishing websites that aim to steal user-sensitive data (e.g., login credentials, phone numbers, credit cards). One of the most challenging aspects of proactively countering and tracking phishing campaigns is hunting and analyzing exposed phishing kits. The analysis of these archives enables...