Hacker tools and techniques: Underground hacking sites
Hackers frequently update their attack tools, techniques and methods to find new ways to break into databases, networks and devices. Track their progress and the work of cybercrime investigators with the latest information on hacking groups, underground hacker sites and new hacker tools.
Top Stories
-
News
28 Oct 2021
Avast releases decryptors for multiple ransomware strains
Victims of three separate ransomware families can now recover data using tools developed by the antivirus vendor with help from a malware analyst and an alleged Babuk developer. Continue Reading
-
News
15 Oct 2021
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year. Continue Reading
-
News
28 Oct 2021
Avast releases decryptors for multiple ransomware strains
Victims of three separate ransomware families can now recover data using tools developed by the antivirus vendor with help from a malware analyst and an alleged Babuk developer. Continue Reading
-
News
15 Oct 2021
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year. Continue Reading
-
News
04 Oct 2021
2 suspected ransomware operators arrested in Ukraine
A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified. Continue Reading
-
News
22 Sep 2021
Marcus & Millichap hit with possible BlackMatter ransomware
The real estate firm confirmed in a SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business. Continue Reading
-
News
21 Sep 2021
Treasury Department sanctions cryptocurrency exchange Suex
In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments. Continue Reading
-
News
16 Sep 2021
Bitdefender releases REvil universal ransomware decryptor
The REvil decryptor key helps victims recover their encrypted files, as long as the attacks were made before July 13, which is when REvil went off the grid for two months. Continue Reading
-
News
08 Sep 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021
CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service. Continue Reading
-
News
11 Aug 2021
Hackers selling access to breached networks for $10,000
Network access is a closely-guarded commodity in underground hacker forums, with some sellers not even revealing the names of their victims until money has changed hands. Continue Reading
-
News
29 Jul 2021
Kaspersky tracks Windows zero days to 'Moses' exploit author
In its second-quarter threat report, Kaspersky Lab found a rise in the use of exploits and zero-day vulnerabilities, several of which were traced to a single threat actor. Continue Reading
-
News
28 Jul 2021
New 'BlackMatter' ransomware gang has echoes of REvil
Although connections are being made between ransomware groups REvil and BlackMatter, the jury is still out on whether they have threat actors in common. Continue Reading
-
News
21 Jul 2021
Hackers embrace 5-day workweeks, unpatched vulnerabilities
Bad guys are taking the weekends off too, according to Barracuda Networks, and old bugs that should have been patched months ago continue to be the most-targeted vulnerabilities. Continue Reading
-
Podcast
14 Jul 2021
Risk & Repeat: Breaking down the Kaseya ransomware attacks
Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack. Continue Reading
-
News
30 Jun 2021
European police lay siege to hacker haven DoubleVPN
An international law enforcement operation shut down DoubleVPN, a Dutch-hosted service that had provided low-cost, underground anonymizing services to cybercriminals. Continue Reading
-
Definition
30 Jun 2021
active attack
An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target. Continue Reading
-
News
28 Jun 2021
DarkSide ransomware funded by cybercriminal 'investors'
New ransomware gangs, such as DarkSide, are receiving cryptocurrency investments from their peers and are poised to make life difficult for enterprises and law enforcement alike. Continue Reading
-
News
11 Jun 2021
Slilpp marketplace goes dark following government takedown
Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown. Continue Reading
-
News
07 Jun 2021
DOJ charges alleged Trickbot developer
Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft. Continue Reading
-
News
18 May 2021
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days. Continue Reading
-
News
12 May 2021
DarkSide: The ransomware gang that took down a pipeline
DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group. Continue Reading
-
News
07 May 2021
'Bulletproof' hosts catch RICO charges for aiding cybercriminals
Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations. Continue Reading
-
News
05 May 2021
Researchers use PyInstaller to create stealth malware
Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs. Continue Reading
-
Definition
23 Apr 2021
computer cracker
A computer cracker is an outdated term used to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or in other ways intentionally breached computer security. Continue Reading
-
News
21 Apr 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities
SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday. Continue Reading
-
News
13 Apr 2021
McAfee: PowerShell threats grew 208% in Q4 2020
McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections. Continue Reading
-
News
07 Apr 2021
Cisco: Threat actors abusing Slack, Discord to hide malware
The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic. Continue Reading
-
News
19 Mar 2021
Acer hit by apparent attack from REvil ransomware group
Acer told SearchSecurity in a statement that it has 'reported recent abnormal situations observed to the relevant law enforcement.' However, it did not confirm a ransomware attack. Continue Reading
-
News
22 Feb 2021
Chinese APT used stolen NSA exploit for years
Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'" Continue Reading
-
News
09 Feb 2021
Ninety percent of dark web hacking forum posts come from buyers
Positive Technologies built a picture of dark web hacking forums via data from the 10 active forums and over 8 million users, though the veracity of such posts remains unclear. Continue Reading
-
Podcast
05 Feb 2021
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there. Continue Reading
-
News
26 Jan 2021
Akamai: Extortion attempts increase in DDoS attacks
New research from Akamai Technologies shows record-breaking DDoS attacks surged in 2020 while extortion-related campaigns against a variety of targets also increased. Continue Reading
-
News
19 Jan 2021
FBI warns against vishing attacks targeting enterprises
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July. Continue Reading
-
Feature
04 Jan 2021
Ransomware 'businesses': Does acting legitimate pay off?
Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach? Continue Reading
-
News
18 Nov 2020
Sophos: Ransomware 'heavyweights' demand sky-high payments
Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future. Continue Reading
-
News
12 Nov 2020
25,000 criminal reports: Vastaamo breach sets new precedent
The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent. Continue Reading
-
News
12 Nov 2020
Life after Maze: Is Egregor ransomware next?
Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved. Continue Reading
-
News
02 Nov 2020
Maze gang shuts down its ransomware operation
Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name. Continue Reading
-
News
01 Sep 2020
Big ransomware attacks overshadowing other alarming trends
Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends. Continue Reading
-
News
27 Aug 2020
Maze ransomware 'cartel' expands with new members
Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms. Continue Reading
-
News
24 Aug 2020
FBI and CISA issue vishing campaign warning
The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials. Continue Reading
-
News
04 Aug 2020
Twitter breach raises concerns over phone phishing
The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing. Continue Reading
-
Podcast
04 Aug 2020
Risk & Repeat: Sophos warns of evolving ransomware threats
Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques. Continue Reading
-
News
20 Jul 2020
Twitter breach caused by social engineering attack
Twitter was breached last Wednesday though a social engineering attack. Forty-five accounts were hijacked and up to eight accounts may have had their private messages stolen. Continue Reading
-
News
17 Jul 2020
Identity theft subscription services uncovered on dark web
Identity theft subscriptions are now being offered on the dark web. This information is being used for carding operations, account generation and other cybercrime schemes. Continue Reading
-
News
15 Jul 2020
Citrix data exposed in third-party breach
Citrix CISO Fermin Serna said a third-party organization is investigating a data breach after some of the vendor's customer data ended up on a dark web marketplace. Continue Reading
-
News
10 Jul 2020
Cybercriminals auction off admin credentials for $3,000
Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows. Continue Reading
-
News
09 Jul 2020
Data theft in ransomware attacks may change disclosure game
Many ransomware attacks aren't publicly disclosed. But as ransomware gangs continue to steal, encrypt and threaten to publicly release data, that may be changing. Continue Reading
-
News
26 Jun 2020
Maze ransomware hit biggest target yet with LG breach
The operators of Maze ransomware claim to have breached LG, offering three screenshots as proof. One of those screenshots features LG product source code. Continue Reading
-
Podcast
19 Jun 2020
Risk & Repeat: Vault 7 report slams CIA security practices
This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses. Continue Reading
-
News
16 Jun 2020
CIA unaware of Vault 7 theft until WikiLeaks dump
An internal CIA report from the Wikileaks Task Force blasted the agency over the leak of the Vault 7 cyberweapons, which exposed dangerous hacking tools and vulnerabilities. Continue Reading
-
News
11 Jun 2020
Italian company implicated in GuLoader malware attacks
While analyzing the network dropper GuLoader, researchers found an almost identical commercial software tool called CloudEye offered by a legitimate-looking Italian company. Continue Reading
-
News
10 Jun 2020
New 'Thanos' ransomware weaponizes RIPlace evasion technique
Recorded Future's Insikt Group uncovered a new ransomware-as-a-service tool named 'Thanos' that's the first ransomware to use the hard-to-detect RIPlace technique. Continue Reading
-
News
10 Jun 2020
Maze ransomware builds 'cartel' with other threat groups
Operators behind the Maze ransomware posted data leaks from competing ransomware gangs to their victim shaming website, suggesting they have joined forces. Continue Reading
-
News
26 May 2020
Mandiant dishes on notorious Maze ransomware group
Mandiant threat researchers navigate the tools, tactics and procedures of the Maze ransomware group, which has become notorious for "shaming" victims with stolen data. Continue Reading
-
News
01 May 2020
Shade ransomware decryptor released with 750,000 keys
Kaspersky Lab released a decryptor tool after operators behind the ransomware variant announced a shutdown of operations and issued an apology for any harm caused. Continue Reading
-
News
16 Apr 2020
Hackers embrace cryptocurrency laundering to evade the law
Cybercriminals are turning to cryptocurrency laundering methods to hide illicit proceeds as law enforcement agencies find success in tracing bitcoin transactions. Continue Reading
-
News
27 Mar 2020
Cyberinsurance carrier Chubb investigating possible data breach
Insurance giant Chubb confirmed it is investigating an incident that may involve the Maze ransomware group, which claims to have stolen sensitive data from the company. Continue Reading
-
News
19 Mar 2020
Maze ransomware gang pledges to stop attacking hospitals
The infamous Maze gang announced it has stopped ransomware attacks on healthcare and medical facilities because of the seriousness of the coronavirus pandemic. Continue Reading
-
News
30 Jan 2020
Payment cards from Wawa data breach found on dark web
Payment card information from customers of the convenience store chain Wawa has reportedly gone up for sale on the dark web, though questions about the breach remain. Continue Reading
-
News
28 Jan 2020
3 Magecart suspects arrested in Interpol operation
Three alleged cybercriminals suspected of being associated with Magecart were arrested in Indonesia via an Interpol-assisted operation called Operation Night Fury. Continue Reading
-
Answer
21 Nov 2019
Do you have the right set of penetration tester skills?
Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path. Continue Reading
-
Tip
15 Oct 2019
Essential instruments for a pen test toolkit
Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific tools for wireless, network and web app pen testing. Continue Reading
-
News
01 Oct 2019
Bulletproof host raided in former NATO bunker
German authorities arrested seven in raid of bulletproof hosting company CyberBunker -- which was housed in a former NATO bunker -- for allegedly hosting dark web marketplaces. Continue Reading
-
News
06 Aug 2019
LogicHub introduces automation updates to its SOAR platform
Security vendor LogicHub introduced new features to its SOAR platform that intend to automate tedious threat detection and response processes and save security teams time. Continue Reading
-
Opinion
08 Jul 2019
Who's to blame for ransomware attacks -- beyond the attackers?
Cyberattackers are to blame for ransomware attacks, but what about companies that release flawed software or don't install patches? Our expert looks at where the buck stops. Continue Reading
-
News
24 Apr 2019
Flashpoint responds to evolving dark web threats
Cybersecurity firm Flashpoint updated its threat intelligence platform to better address evolving techniques and practices on the dark web, such as encrypted chat usage. Continue Reading
-
News
05 Apr 2019
Cybercrime groups continue to flourish on Facebook
Security researchers found cybercrime groups using Facebook out in the open for illegal activity and the findings are very similar to an issue Facebook had last year. Continue Reading
-
Answer
08 Feb 2019
How did the Python supply chain attack occur?
A Python supply chain attack made it possible for an attacker to steal cryptocurrency. What steps should be taken to prevent incidents like this? Continue Reading
-
News
10 Jan 2019
McAfee casts doubt on Ryuk ransomware connection to North Korea
New research from McAfee refutes the connection between recent Ryuk ransomware attacks and the North Korean government. Instead, it points the finger at cybercriminals. Continue Reading
-
Tip
18 Oct 2018
The implications of the NetSpectre vulnerability
The NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb explains why data on secure microprocessors is not actually safe. Continue Reading
-
News
14 Sep 2018
British Airways data breach may be the work of Magecart
News roundup: The British Airways data breach may be the handiwork of hacking group Magecart, according to researchers. Plus, hacker Guccifer will be extradited to U.S., and more. Continue Reading
-
Podcast
02 Aug 2018
Risk & Repeat: A deep dive on SamSam ransomware
In this week's Risk & Repeat podcast, SearchSecurity editors talk about the SamSam ransomware campaign, which may be the work of a single hacker who's made nearly $6 million. Continue Reading
-
Conference Coverage
02 Aug 2018
Black Hat 2018 conference coverage
The SearchSecurity team covers the latest threats and vulnerabilities featured at this year's Black Hat USA with news, interviews and more from Las Vegas. Continue Reading
-
News
31 Jul 2018
NetSpectre is a remote side-channel attack, but a slow one
A new PoC attack using Spectre variant 1 called NetSpectre marks the first time Spectre v1 has been exploited remotely, although questions remain on the practicality of the attack. Continue Reading
-
News
13 Jul 2018
New Spectre variants earn $100,000 bounty from Intel
Researchers discovered two new Spectre variants that can be used to bypass protections and attack systems and earned $100,000 in bug bounties from Intel. Continue Reading
-
Tip
26 Jun 2018
How studying the black hat community can help enterprises
White hat hackers often assimilate themselves into the black hat community to track the latest threats. Discover how this behavior actually benefits the enterprise with David Geer. Continue Reading
-
Tip
19 Jun 2018
How white hat hackers can tell you more than threat intelligence
White hat hackers can play a key role in assessing threats lurking on the dark web. Discover what traditional threat intelligence isn't telling you and how white hats can help. Continue Reading
-
Opinion
01 Jun 2018
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what? Continue Reading
-
News
22 May 2018
Recorded Future sheds light on Iranian hacking operations
Recorded Future's Levi Gundert discusses how the Iranian government uses proxies and contractors to launch cyberattacks, and how its strategy presents challenges for the country. Continue Reading
-
News
21 May 2018
Recorded Future: Iranian cyberattacks poised to resume
Recorded Future's Levi Gundert explains why major cyberattacks against Western enterprises are expected to resume following the United States' withdrawal from the Iran nuclear deal. Continue Reading
-
News
27 Apr 2018
DDoS-for-hire website taken down by law enforcement
Webstresser.org, a popular DDoS-for-hire website, was taken down by several law enforcement agencies across the globe. Details are sparse, but arrests have reportedly been made. Continue Reading
-
News
26 Apr 2018
SecureWorks warns of business email compromise campaign
SecureWorks researchers uncovered an extensive business email compromise campaign targeting the maritime shipping industry, which may have cost organizations millions of dollars. Continue Reading
-
Opinion
03 Apr 2018
Marcus Ranum decodes hardware vulnerabilities with Joe Grand
Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand. Continue Reading
- 30 Mar 2018
-
News
08 Feb 2018
DoJ breaks up Infraud Organization with some help
The U.S. Department of Justice announced the shutdown of the Infraud Organization, which authorities claim is responsible for global cyberfraud losses in excess of $530 million. Continue Reading
-
Guide
25 Jan 2018
Containing ransomware outbreaks now a top infosec priority
Prepping for and dealing with an outbreak of ransomware is the IT version of the flu shot. Learn how company systems and data from these potentially deadline infections. Continue Reading
-
Podcast
22 Dec 2017
Risk & Repeat: Cryptojacking looms amid the bitcoin boom
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rising threat of cryptojacking and how hackers can steal computing power from unsuspecting users. Continue Reading
-
Podcast
14 Dec 2017
Risk & Repeat: The Bitcoin boom and its infosec effects
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency's rising value could affect the cybersecurity landscape. Continue Reading
-
News
17 Oct 2017
KRACK WPA2 flaw might be more hype than risk
Researchers discover a WPA2 vulnerability and brand it KRACK, but some experts say the early reports overstate the risk of the flaw and downplay the difficulty of an exploit. Continue Reading
-
Answer
06 Oct 2017
How does the Ursnif Trojan variant exploit mouse movements?
A new version of the Ursnif Trojan uses mouse movements to bypass security efforts by beating sandbox detection. Expert Matthew Pascucci explains how this technique works. Continue Reading
-
News
28 Sep 2017
Network lateral movement from an attacker's perspective
A security researcher describes the network lateral movement process from an attacker's perspective and a few key points of focus for IT pros, at DerbyCon. Continue Reading
-
News
21 Sep 2017
Undocumented Word feature could lead to system information theft
An undocumented Word feature found by Kaspersky Lab could lead to system information theft and affects users on both PCs and mobile devices. Continue Reading
-
Feature
01 Sep 2017
Why WannaCry and other computer worms may inherit the earth
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission. Continue Reading
-
Answer
21 Aug 2017
How does the MajikPOS malware evade detection?
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it. Continue Reading
-
News
21 Jul 2017
Dark web markets' shutdown may lead to more arrests
Cooperation between law enforcement from around the world led to the shutdown of the AlphaBay and Hansa dark web markets and potential leads of illegal vendors. Continue Reading
-
Podcast
05 Jul 2017
Risk & Repeat: NotPetya ransomware raises the stakes
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks. Continue Reading
-
News
23 Jun 2017
Brutal Kangaroo USB malware could be reverse-engineered
The Brutal Kangaroo USB malware leaked from the CIA's Vault 7 could pose a threat to air-gapped computers if hackers reverse-engineer it. Continue Reading
-
Answer
12 Jun 2017
How do attackers use Microsoft Application Verifier for hijacking?
Attackers found a way to use Microsoft Application Verifier to hijack security products, like antivirus tools. Expert Judith Myerson explains how it's done and what to do to stop it. Continue Reading
-
Podcast
08 Jun 2017
Risk & Repeat: Shadow Brokers launch zero-day exploit service
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Shadow Brokers' monthly service for zero-day exploits and how it may affect enterprise security efforts. Continue Reading
-
Podcast
25 May 2017
Risk & Repeat: Microsoft slams NSA over EternalBlue
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Microsoft's sharp criticism of the NSA over the EternalBlue Windows vulnerability and WannaCry ransomware. Continue Reading
-
Podcast
23 May 2017
Risk & Repeat: WannaCry ransomware worm shakes tech industry
In this week's Risk & Repeat podcast, SearchSecurity editors look at the devastation caused by the WannaCry ransomware worm and discuss how it could have been prevented. Continue Reading
