Sib-Tryck Holding, a Swedish digital printing firm, has fallen victim to the Akira ransomware group. The attackers claim to have exfiltrated 45 GB of sensitive data, threatening to leak it unless contacted.
Researches, News, and more
DeXpose Blog
Threat Actor Profile: Mustang Panda
Mustang Panda is a sophisticated Chinese state-aligned cyberespionage group active since at least 2012. The group primarily targets government agencies, NGOs, think tanks, religious organizations, and private companies with geopolitical relevance to China’s strategic interests.…
AnyDesk Clone Drops .NET Loader with AES Encrypted Payload and AV Evasion Delivering Phemedrone Stealer
On June 16, 2025, a suspicious domain impersonating AnyDesk — anydeske[.]icu — was reported on Twitter. The site served what appeared to be a legitimate remote access tool but actually delivered a malicious .NET loader. Further investigation…
APT43 (Kimsuky / Black Banshee) Infrastructure Hunting Report
Summary Recently identified previously undetected Kimsuky (also known as Black Banshee) infrastructure through advanced pivoting techniques. Using HTTP header analysis, SSL Cert and JARM fingerprinting. We uncovered several IPs and domains, many of them were…
Egypt Post Impersonation Linked to Smishing Triad
A recently observed phishing campaign impersonating Egypt Post (البريد المصري) has been attributed to the Smishing Triad, a well-documented cybercriminal group for their phishing (smishing) campaigns across multiple countries. The campaign impersonates Egypt Post, aiming to steal credentials and…
Flesh Stealer: A Report on Multivector Data Theft
Introduction FleshStealer is a sophisticated, modular, and obfuscated .NET-based information-stealing malware designed for comprehensive data exfiltration from Windows systems. Its architecture is built for scale and stealth, utilizing multithreading to simultaneously run multiple data harvesting…
Understanding SalatStealer: Features and Impact
Introduction Salat Stealer is a stealthy malware developed in the Go programming language, designed to infiltrate systems and extract sensitive data. Once it infects a device, it gathers extensive system information, such as hard drive…
PureLogger Deep Analysis: Evasion, Data Theft, and Encryption Mechanism
Introduction PureLogs is an advanced information stealer designed to extract credentials, session tokens, and system details while employing strong anti-analysis techniques. It encrypts stolen data using AES-256 before sending it to a remote Command &…
Six Months Undetected: Analysis of archive.org hosted .NET PE Injector
Introduction On February 11, 2025, Filescan.io shared a troubling discovery: a 6-month-old .NET PE injector had remained undetected on Archive.org, a platform widely used for archiving web content. The file was flagged as clean, allowing it to remain accessible for months.…
How Dark web Monitoring Protects Your business
Dark web monitoring is a crucial step for businesses to safeguard their sensitive data. This process involves scanning the dark web for compromised information, such as stolen credentials and proprietary data. Data breaches can have…
Table of Contents