


























An article from
Dive Brief
The security firm BlackFog said the number of disclosed incidents it tracked in Q1 was roughly one-tenth of the number of undisclosed incidents.
BlackFog’s threat intelligence team identified 264 publicly disclosed ransomware attacks in the first three months of 2026, but it also identified 2,160 undisclosed attacks. While the number of disclosed attacks represented a 15% year-over-year decrease, the number of undisclosed attacks ticked up slightly from Q1 2025.
The U.S. was by far hackers’ dominant target, with U.S. organizations accounting for half of all undisclosed attacks (1,070) and 61% of all disclosed attacks.
The Qilin ransomware gang was the most active group in both segments, accounting for 16% of undisclosed attacks and 8% of disclosed attacks. But the second- and third-most active groups differed between segments. A relatively new group called The Gentlemen accounted for the second-most undisclosed attacks, followed by Akira, while ShinyHunters accounted for the second-most disclosed attacks, followed by INC.
Manufacturing was the most targeted sector among undisclosed attacks, accounting for more than one-fifth of all such incidents, while healthcare was the most commonly targeted sector among disclosed attacks, accounting for 27% of those incidents. Among disclosed attacks, government organizations (12%) and information technology companies (11%) were the next most targeted.
Virtually all (96%) disclosed attacks involved data exfiltration, BlackFog said, highlighting attackers’ focus on data theft as a source of leverage and profit.
“While the decline in total attacks may suggest incremental progress,” BlackFog researchers wrote, “the sustained volume of incidents, high rate of data exfiltration, and significant proportion of unattributed activity demonstrate that ransomware continues to evolve and pose a significant risk to organizations worldwide.”
In the first quarter of the year, hackers increasingly favor “more accessible and scalable tooling that reduces complexity and shortens the path from compromise to impact,” according to the report.
One popular tool was the Venom Stealer infostealer, which hackers delivered using the ClickFix infection technique and which BlackFog said “turns social engineering into a continuous data exfiltration pipeline.” Researchers also identified a new command-and-control framework, dubbed Lotus C2, that features ready-to-use infrastructure for managing malware and maintaining access to victim networks. “Its modular design and ease of use lower the barrier to entry for less sophisticated actors, enabling broader adoption of advanced attack capabilities,” BlackFog said.
One of the most concerning new attack surfaces is shadow AI, which has proliferated as employees race to adopt new AI tools without the necessary permissions or security measures. According to prior BlackFog research, 49% of employees use AI programs that their companies haven’t approved, 51% have connected AI tools to other platforms without approval and 58% use free AI tools that lack enterprise security protections. Six in 10 respondents also said the speed benefits of AI were worth the security risks.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。