Ionut Ilascu

Iaşi

Security News Reporter at Bleeping Computer

security news reporter @BleepinComputer  🐘: https://t.co/9L2XjPxKEV

Featured in: Favicon

bleepingcomputer.com Favicon

softpedia.com Favicon

substack.com Favicon

flipboard.com Favicon

codeproject.com Favicon

newsbreak.com Favicon

digitalguardian.com Favicon

news.softpedia.com Favicon

metacurity.substack.com

Articles

Dark Partners cybercrime gang fuels large-scale crypto heists

1 week ago | bleepingcomputer.com | Ionut Ilascu

A sprawling network of fake AI, VPN, and crypto software download sites is being used by the "Dark Partner" threat actors to conduct a crypto theft attacks worldwide. Masquerading as popular apps, these cloned sites deliver the Poseiden (macOS) and Lumma (Windows) infostealers and malware loaders like Payday. This malware is used to steal cryptocurrency and sensitive data such as host information, credentials, private keys, or cookies, which are likely sold on the cybercriminal market.
US indicts leader of Qakbot botnet linked to ransomware attacks

2 weeks ago | bleepingcomputer.com | Ionut Ilascu

The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. As per court documents, Gallyamov started to develop Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers.
Russian hackers breach orgs to track aid routes to Ukraine

2 weeks ago | bleepingcomputer.com | Ionut Ilascu

A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States.
European Union sanctions Stark Industries for enabling cyberattacks

2 weeks ago | bleepingcomputer.com | Ionut Ilascu

The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling “destabilising activities” against the Union. The action is part of the European Council’s effort to protect against Russian hybrid threats.
Linux wiper malware hidden in malicious Go modules on GitHub

1 month ago | bleepingcomputer.com | Ionut Ilascu

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them. The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named done.sh, runs a ‘dd’ command for the file-wiping activity.
DragonForce expands ransomware model with white-label branding scheme | OpenText Cybersecurity Community

1 month ago | community.opentextcybersecurity.com | Ionut Ilascu

April 26, 2025 By Ionut IlascuThe ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort.
DragonForce expands ransomware model with white-label branding scheme

1 month ago | bleepingcomputer.com | Ionut Ilascu

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort.
Phishers abuse Google OAuth to spoof Google in DKIM replay attack

1 month ago | bleepingcomputer.com | Ionut Ilascu

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials.
Police detains Smokeloader malware customers, seizes servers

1 month ago | bleepingcomputer.com | Ionut Ilascu

In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet’s customers and detained at least five individuals. During Operation Endgame last year, more than 100 servers used by major malware loader operations (e.g. IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, SystemBC) were seized.
WinRAR flaw bypasses Windows Mark of the Web security alerts | OpenText Cybersecurity Community

2 months ago | community.opentextcybersecurity.com | Ionut Ilascu

April 5, 2025 By Ionut IlascuA vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. The security issue is tracked as CVE-2025-31334 and affects all WinRAR versions except the most recent release, which is currently 7.11.