惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
宝玉的分享
宝玉的分享
I
InfoQ
P
Privacy International News Feed
V
V2EX
IT之家
IT之家
S
SegmentFault 最新的问题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
The Register - Security
The Register - Security
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
C
Cyber Attacks, Cyber Crime and Cyber Security
F
Fortinet All Blogs
B
Blog
N
Netflix TechBlog - Medium
B
Blog RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
T
Threatpost
Forbes - Security
Forbes - Security
U
Unit 42
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recorded Future
Recorded Future
L
Lohrmann on Cybersecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
月光博客
月光博客
Spread Privacy
Spread Privacy
MongoDB | Blog
MongoDB | Blog
Jina AI
Jina AI
I
Intezer
V
Visual Studio Blog
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
MyScale Blog
MyScale Blog
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
量子位

Truesec

Russian Intelligence Targets SOHO Routers - Truesec Cyber Warfare in the Iran War - Truesec AI Used in Ransomware Attack The Fortibleed Campaign: Truesec's Experience Fortibleed: Truesec's Experience Supply Chain Attack Compromising Arch Linux AUR Packages with Infostealer and Rootkit - Truesec FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise - Truesec Critical Vulnerabilities in Ivanti Sentry Allows Code Execution as Root (CVE-2026-10520 & CVE-2026-10523) Typosquatting: When Your Domain Is Used Against You AI in Cybersecurity: Separating Operational Reality from Speculation Compromised @redhat-Cloud-Services Npm Packages Distribute Credential-Stealing Worm GitHub Hacks Highlights Need for Repository Security Installation of a Syslog Log Collector Critical Cisco Secure Workload Vulnerability Allows Unauthenticated Site Admin Access (CVE-2026-20223) Securing IT, OT, and IoT When the Digital Meets the Physical Russia Rolls Out Surveillance Through State-Backed “Super App” MAX Device Code Phishing via Fake File-Sharing Invitation Active Exploitation of PAN‑OS Authentication Portal RCE - Truesec Windows Client Security Baselines: When Assumptions Meet Incident Response Reality - Truesec Entra ID Password Protection: From “P@ssw0rd” to Protected GitHub Under Attack: How Small Exposures Snowball into Large‑Scale Compromises European Risks Linked to the U.S. – Iran Conflict Mythos: What It Actually Means and What It Does Not Russian Espionage Campaign Targets Home Routers How Nordic Organizations Must Adjust Their Cybersecurity to a Changing Operating Environment Critical Vulnerability in “Ninja Forms – File Upload” WordPress Plugin (CVE-2026-07409) Iranian APT Target US Critical Infrastructure Remote Access – Is VPN the Almighty Solution? Malicious Axios Packages Published to npm in New Supply Chain Compromise RCE Vulnerability in F5 BIG-IP APM (CVE-2025-53521) No Further Increase in Iranian Cyber Operations Malicious PyPI Package – LiteLLM Supply Chain Compromise Dutch Intelligence Warns of Russian Campaign Against Signal and Whatsapp Users Multiple Vulnerabilities, One Critical, in Ubiquiti UniFi Network Application
Organized Cybercrime Merging with Other Crime - Truesec
Hjalmar Desmond · 2026-07-10 · via Truesec

Threat Insight

Silent Ransom Group is a Russian cyber extortion-group that mainly uses social engineering to steal sensitive data for extortion purposes. They often call victims impersonating helpdesk staff and attempt to persuade them to download remote management tools that allow the criminals to access the victims’ machines.

In a recent report, the FBI warns that Silent Ransom Group has also begun recruiting gig workers in the victims’ area under the guise of hiring helpdesk personnel. Gig workers are people who earn money through short-term, flexible jobs rather than a traditional permanent role. They are usually paid per task, project or assignment.

The cybercriminals instruct these workers to seek out an assigned victim and tell them they need to insert a USB drive into their machine to solve some problem.

A former student employee of the City of Copenhagen misused authorized access to the Danish Civil Registration System (CPR) to extract and sell sensitive personal data to criminal actors on a crime-as-a-service model. The insider advertised his ability to obtain information, charged per lookup, and in some cases guaranteed access to large numbers of records.

The data was shared via encrypted messaging platforms such as Telegram and Signal to criminals who used it to identify, locate, and target individuals for extortion and other violent acts. In the wider criminal context, at least one homicide occurred involving a person whose data had been accessed; however, the court did not find it proven that the insider’s actions contributed to the killing and therefore acquitted him of complicity in the homicide.

While the two incidents above are unrelated, both highlight how organized crime and organized cybercrime appear to be merging slowly as stolen data becomes a commodity on underground markets. Russian cyber extortion groups have amassed enough money to attempt to bribe insiders or organize schemes where gig workers are tricked into physically aiding them.

The growth of Western cybercrime ecosystems, where members are often recruited online at a very young age on platforms like Roblox, means that young IT students fresh out of college may secretly already be hardened criminals. The threat of AI replacing many IT jobs may also make it seem that the IT industry is not as safe as it once was, which can also make a criminal career seem more attractive.

Recommended Actions

What This Means

This is a control problem across people, process, and access design. A threat actor does not need to break technical controls if a trusted person opens the way. Leadership should view this as a risk to sensitive data, physical safety, fraud exposure, and trust in the operating model.

MITRE ATT&CK Connection

ATT&CK pattern: This attack stands out through social engineering, abuse of trusted relationships, and use of valid accounts. The attacker borrows trust from employees, contractors, or local third parties instead of defeating technical controls first.

Architectural weak point: Sensitive data, privileged access, and key approvals often depend on a small number of people and weak supervision. If human trust is not designed as a control risk, the operating model gives the attacker a built-in bypass.

NIST CSF

Govern:

Roles, Responsibilities, and Authorities (GV.RR): Define who owns insider risk across cyber, HR, legal, fraud, and physical security.

Protect:

Identity Management, Authentication, and Access Control (PR.AA): Control privileged access, contractor access, and user lifecycle changes.
Data Security (PR.DS): Limit exposure of sensitive data and high-value approvals to the smallest necessary group.

Detect:

Continuous Monitoring (DE.CM) and Adverse Event Analysis (DE.AE): Detect misuse of trusted access and unusual activity around sensitive processes.

Respond:

Incident Management (RS.MA) and Incident Response Reporting and Communication (RS.CO): Use one response model for insider misuse, social engineering, and related fraud events.

What To Do

  • Treat insider risk as part of enterprise security architecture, not only as a local HR or technical issue.
  • Map where sensitive data, privileged access, and critical approvals depend on single individuals or weak supervision.
  • Reduce opportunity for misuse through segregation of duties, least privilege, stronger joiner mover leaver controls, and tighter monitoring of high-risk access.
  • Set clear controls for contractors, temporary staff, and external support channels.
  • Link cyber, HR, legal, physical security, and fraud teams so the organization responds through one control model.

Stay ahead with cyber insights

Newsletter

Stay ahead in cybersecurity! Sign up for Truesec’s newsletter to receive the latest insights, expert tips, and industry news directly to your inbox. Join our community of professionals and stay informed about emerging threats, best practices, and exclusive updates from Truesec.

Latest Insights