Alexander Culafi

Boston

Senior News Writer, Security at Tech Target

Podcast Co-Host at Talk Nintendo Podcast

Cybersecurity reporter @DarkReading. One-time novelist (so far). Podcasts: @UnpreparedMen/@TalkNintendoPod. Mostly tweets about video games. DM for Signal.

Featured in: Favicon

techtarget.com (+1) Favicon

cnas.org

nintendoworldreport.com Favicon

lemagit.fr Favicon

venturefizz.com Favicon

computerweekly.com Favicon

darkreading.com Favicon

itmedia.co.jp Favicon

urgentcomm.com Favicon

iotworldtoday.com + 1 more

Articles

APT41 Uses Google Calendar Events for C2

1 week ago | darkreading.com | Alexander Culafi

A state-backed threat actor used Google Calendar for post-exploitation command-and-control (C2) operations in a threat campaign against government targets last October. Google senior security engineer Patrick Whitsell published research on May 28 regarding APT41, a Chinese state-sponsored espionage group also known as "Double Dragon." The group's activities are far-reaching; it previously hacked TeamViewer in 2016 and breached a number of critical infrastructure entities last year.
'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs

1 week ago | darkreading.com | Alexander Culafi

A phishing group named "Haozi" is selling turnkey phishing infrastructure to amateur attackers — no commands needed. Security vendor Netcraft today published research concerning the Chinese-language phishing-as-a-service (PhaaS) group, which sells plug-and-play software that enables would-be hackers to steal credentials with little to no technical expertise.
DragonForce Ransomware Strikes MSP in Supply Chain Attack | OpenText Cybersecurity Community

1 week ago | community.opentextcybersecurity.com | Alexander Culafi

DragonForce, a ransomware "cartel" that has gained significant popularity since its debut in 2023, attacked an MSP as part of a recent supply chain attack, via known SimpleHelp bugs. May 27, 2025 By Alexander CulafiThe DragonForce ransomware gang attacked a managed service provider's (MSP) remote monitoring and management (RMM) tool in order to conduct a supply chain attack.
DragonForce Ransomware Strikes MSP in Supply Chain Attack

1 week ago | darkreading.com | Alexander Culafi

The DragonForce ransomware gang attacked a managed service provider's (MSP) remote monitoring and management (RMM) tool in order to conduct a supply chain attack. This news comes from Sophos, which today published research concerning an unnamed MSP and an attack conducted by DragonForce, a gang that emerged in 2023 and has become known for its unique ransomware-as-a-service (RaaS) scheme.
Unimicron, Presto Attacks Mark Industrial Ransomware Surge

2 weeks ago | threatbeat.com | Alexander Culafi

Skip to content NEW Security news and analysis brought to you by the McCrary Institute | READ MORE → By Alexander Culafi • May 23, 2025 Attacks on major organizations such as Unimicron, the South African Weather Service (SAWS), National Presto Industries, and Lee Enterprises signaled a surge in ransomware across critical infrastructure sectors in the first quarter of 2025 — a trend that was exacerbated by a growth in the variety and sophistication of the tactics used. That’s according to...
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan

2 weeks ago | darkreading.com | Alexander Culafi

A state-sponsored threat group is targeting Central Asian institutions in order to further Russian interests. Recorded Future's Insikt Group published research today detailing a Russia-aligned threat actor tracked as TAG-110 conducting espionage against government, educational, and research-related entities in Tajikistan.
Unimicron, Presto Attacks Mark Industrial Ransomware Surge

2 weeks ago | darkreading.com | Alexander Culafi

Attacks on major organizations such as Unimicron, the South African Weather Service (SAWS), National Presto Industries, and Lee Enterprises signaled a surge in ransomware across critical infrastructure sectors in the first quarter of 2025 — a trend that was exacerbated by a growth in the variety and sophistication of the tactics used.
NIST's LEV Equation to Rate Chances a Bug Was Exploited

2 weeks ago | darkreading.com | Alexander Culafi

The US government is offering a new standard to determine the chances a software or hardware flaw has been successfully targeted by a threat actor in the wild. The US Department of Commerce's National Institute of Standards and Technology (NIST) published its equation on May 19 for what it describes as "Likely Exploited Vulnerabilities," or LEV.
Novel Phishing Attack Combines AES, Poisoned npm Packages

2 weeks ago | darkreading.com | Alexander Culafi

A new phishing attack spotted in the wild combined multiple techniques to create an email that waltzed right through detection systems and into victims' inboxes, all without traditional obfuscation. That's according to research published Tuesday by security vendor Fortra. The report, titled "Threat Analysis: Malicious NPM Package Leveraged in O365 Phishing Attack," concerns a novel attack the company's Suspicious Email Analysis (SEA) team observed in the wild last month.
'Operation RoundPress' Targets Ukraine Webmail Servers

2 weeks ago | darkreading.com | Alexander Culafi

As Russia's invasion of Ukraine continues, so too have its cyberattacks against the country. Security firm ESET recently published research on what it called "Operation RoundPress," a cyber-espionage operation carried out by Sednit, a Russian state-backed threat group also known as APT28 and Fancy Bear, which has been in operation since at least 2004.