惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
The Register - Security
The Register - Security
Hugging Face - Blog
Hugging Face - Blog
博客园 - 聂微东
GbyAI
GbyAI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园_首页
D
Docker
S
Security @ Cisco Blogs
K
Kaspersky official blog
爱范儿
爱范儿
Simon Willison's Weblog
Simon Willison's Weblog
TaoSecurity Blog
TaoSecurity Blog
V
V2EX
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Troy Hunt's Blog
Cloudbric
Cloudbric
博客园 - 三生石上(FineUI控件)
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The Hacker News
The Hacker News
美团技术团队
S
SegmentFault 最新的问题
L
Lohrmann on Cybersecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
宝玉的分享
宝玉的分享
The Last Watchdog
The Last Watchdog
Y
Y Combinator Blog
M
MIT News - Artificial intelligence
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Martin Fowler
Martin Fowler
Google Online Security Blog
Google Online Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
Vercel News
Vercel News
The Cloudflare Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
AI
AI
Stack Overflow Blog
Stack Overflow Blog
I
InfoQ
Scott Helme
Scott Helme
S
Schneier on Security
大猫的无限游戏
大猫的无限游戏
The GitHub Blog
The GitHub Blog
S
Securelist
IT之家
IT之家
Microsoft Azure Blog
Microsoft Azure Blog

Truesec

Russian Intelligence Targets SOHO Routers - Truesec Cyber Warfare in the Iran War - Truesec AI Used in Ransomware Attack The Fortibleed Campaign: Truesec's Experience Fortibleed: Truesec's Experience Supply Chain Attack Compromising Arch Linux AUR Packages with Infostealer and Rootkit - Truesec FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise - Truesec Critical Vulnerabilities in Ivanti Sentry Allows Code Execution as Root (CVE-2026-10520 & CVE-2026-10523) Typosquatting: When Your Domain Is Used Against You AI in Cybersecurity: Separating Operational Reality from Speculation Compromised @redhat-Cloud-Services Npm Packages Distribute Credential-Stealing Worm GitHub Hacks Highlights Need for Repository Security Installation of a Syslog Log Collector Critical Cisco Secure Workload Vulnerability Allows Unauthenticated Site Admin Access (CVE-2026-20223) Securing IT, OT, and IoT When the Digital Meets the Physical Russia Rolls Out Surveillance Through State-Backed “Super App” MAX Device Code Phishing via Fake File-Sharing Invitation Active Exploitation of PAN‑OS Authentication Portal RCE - Truesec Windows Client Security Baselines: When Assumptions Meet Incident Response Reality - Truesec Entra ID Password Protection: From “P@ssw0rd” to Protected GitHub Under Attack: How Small Exposures Snowball into Large‑Scale Compromises European Risks Linked to the U.S. – Iran Conflict Mythos: What It Actually Means and What It Does Not Russian Espionage Campaign Targets Home Routers How Nordic Organizations Must Adjust Their Cybersecurity to a Changing Operating Environment Critical Vulnerability in “Ninja Forms – File Upload” WordPress Plugin (CVE-2026-07409) Iranian APT Target US Critical Infrastructure Remote Access – Is VPN the Almighty Solution? Malicious Axios Packages Published to npm in New Supply Chain Compromise RCE Vulnerability in F5 BIG-IP APM (CVE-2025-53521) No Further Increase in Iranian Cyber Operations Malicious PyPI Package – LiteLLM Supply Chain Compromise Dutch Intelligence Warns of Russian Campaign Against Signal and Whatsapp Users Multiple Vulnerabilities, One Critical, in Ubiquiti UniFi Network Application
Organized Cybercrime Merging with Other Crime - Truesec
Hjalmar Desmond · 2026-07-10 · via Truesec

Threat Insight

Silent Ransom Group is a Russian cyber extortion-group that mainly uses social engineering to steal sensitive data for extortion purposes. They often call victims impersonating helpdesk staff and attempt to persuade them to download remote management tools that allow the criminals to access the victims’ machines.

In a recent report, the FBI warns that Silent Ransom Group has also begun recruiting gig workers in the victims’ area under the guise of hiring helpdesk personnel. Gig workers are people who earn money through short-term, flexible jobs rather than a traditional permanent role. They are usually paid per task, project or assignment.

The cybercriminals instruct these workers to seek out an assigned victim and tell them they need to insert a USB drive into their machine to solve some problem.

A former student employee of the City of Copenhagen misused authorized access to the Danish Civil Registration System (CPR) to extract and sell sensitive personal data to criminal actors on a crime-as-a-service model. The insider advertised his ability to obtain information, charged per lookup, and in some cases guaranteed access to large numbers of records.

The data was shared via encrypted messaging platforms such as Telegram and Signal to criminals who used it to identify, locate, and target individuals for extortion and other violent acts. In the wider criminal context, at least one homicide occurred involving a person whose data had been accessed; however, the court did not find it proven that the insider’s actions contributed to the killing and therefore acquitted him of complicity in the homicide.

While the two incidents above are unrelated, both highlight how organized crime and organized cybercrime appear to be merging slowly as stolen data becomes a commodity on underground markets. Russian cyber extortion groups have amassed enough money to attempt to bribe insiders or organize schemes where gig workers are tricked into physically aiding them.

The growth of Western cybercrime ecosystems, where members are often recruited online at a very young age on platforms like Roblox, means that young IT students fresh out of college may secretly already be hardened criminals. The threat of AI replacing many IT jobs may also make it seem that the IT industry is not as safe as it once was, which can also make a criminal career seem more attractive.

Recommended Actions

What This Means

This is a control problem across people, process, and access design. A threat actor does not need to break technical controls if a trusted person opens the way. Leadership should view this as a risk to sensitive data, physical safety, fraud exposure, and trust in the operating model.

MITRE ATT&CK Connection

ATT&CK pattern: This attack stands out through social engineering, abuse of trusted relationships, and use of valid accounts. The attacker borrows trust from employees, contractors, or local third parties instead of defeating technical controls first.

Architectural weak point: Sensitive data, privileged access, and key approvals often depend on a small number of people and weak supervision. If human trust is not designed as a control risk, the operating model gives the attacker a built-in bypass.

NIST CSF

Govern:

Roles, Responsibilities, and Authorities (GV.RR): Define who owns insider risk across cyber, HR, legal, fraud, and physical security.

Protect:

Identity Management, Authentication, and Access Control (PR.AA): Control privileged access, contractor access, and user lifecycle changes.
Data Security (PR.DS): Limit exposure of sensitive data and high-value approvals to the smallest necessary group.

Detect:

Continuous Monitoring (DE.CM) and Adverse Event Analysis (DE.AE): Detect misuse of trusted access and unusual activity around sensitive processes.

Respond:

Incident Management (RS.MA) and Incident Response Reporting and Communication (RS.CO): Use one response model for insider misuse, social engineering, and related fraud events.

What To Do

  • Treat insider risk as part of enterprise security architecture, not only as a local HR or technical issue.
  • Map where sensitive data, privileged access, and critical approvals depend on single individuals or weak supervision.
  • Reduce opportunity for misuse through segregation of duties, least privilege, stronger joiner mover leaver controls, and tighter monitoring of high-risk access.
  • Set clear controls for contractors, temporary staff, and external support channels.
  • Link cyber, HR, legal, physical security, and fraud teams so the organization responds through one control model.

Stay ahead with cyber insights

Newsletter

Stay ahead in cybersecurity! Sign up for Truesec’s newsletter to receive the latest insights, expert tips, and industry news directly to your inbox. Join our community of professionals and stay informed about emerging threats, best practices, and exclusive updates from Truesec.

Latest Insights