DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware group have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to…
Medusa ransomware is a threat group that has previously used the custom malicious driver ABYSSWORKER in its attacks.
ABYSSWORKER is a custom-built malicious driver used in BYOVD attacks, previously observed in Medusa ransomware incidents.
CVE-2023-52271 is a vulnerability associated with the driver wsftprm.sys used in BYOVD attacks by DragonForce.
CVE-2025-61155 is a vulnerability associated with the driver GameDriverX64.sys used in BYOVD attacks by DragonForce.
CVE-2025-1055 is a vulnerability associated with the driver K7RKScan.sys used in BYOVD attacks by DragonForce.
Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups…
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands…
GentleKiller is a framework of EDR-terminating tools used by The Gentlemen RaaS. It comes in eight variants, each mimicking a different legitimate…
CERT/CC issued an advisory about multiple vendor-signed UEFI applications vulnerable to Secure Boot bypass via BYOVD attacks, impacting several hardware vendors.