Breach Monitoring News Feed
Real-time tracking of threat actors, active data leaks, and cybersecurity incidents across the globe.
aka xoriste
Endurance is a destructive ransomware variant first observed in 2023, developed and operated by the threat actor known as IntelBroker (also referred to as Butler Spider). Rather than encrypting files for decryption, it functions primarily as a data wiper, overwriting file contents, appending randomized filenames, and then deleting the files altogether. The source code for the malware was intentionally made public by the operator, indicating its use as both a tool and a statement. Endurance was used in high-profile breaches, including targeting government agencies, large enterprises, and telecommunications providers.
Entropy is a ransomware first seen in 1st quarter of 2022, is being used in conjunction of Dridex infection. The ransomware uses a custom packer to pack itself which has been seen in some early dridex samples.
Rebrand to Bashe in October 2024. Eraliegn, self-styled as APT73 and formerly known as Bashe, surfaced in April 2024. Rather than conducting real ransomware campaigns, the group specializes in fabricating data breach narratives, curating or reusing existing leaked data (often from years-old breaches) and presenting it on a Tor-hosted leak site to project credibility. They claim to have breached organizations across sectors—such as banking, travel, manufacturing, and IT—targeting entities in countries including the United Kingdom, India, Indonesia, France, and Canada. However, threat analysis shows these claims are deceptive in nature rather than demonstrative of technical prowess or active network compromise.
Rebranded to Sabbath.
Everest is a ransomware group active since at least December 2020, known for its double-extortion tactics. The group initially operated as a typical ransomware outfit, encrypting files with strong cryptography and appending victim-specific extensions, but later shifted toward pure data extortion—threatening to sell or release stolen data without necessarily deploying encryption. Everest targets a wide range of sectors, including government, healthcare, manufacturing, and IT services, with confirmed victims in North America, Europe, and Asia. Initial access vectors include exploitation of vulnerable public-facing applications, phishing campaigns, and credential theft for remote access services. The group maintains a Tor-based leak site to publish stolen information and advertise access to compromised networks.
Ransomware.