1. Executive Summary
This report details significant cybersecurity incidents reported within the last 24 hours, providing contextual analysis of the threat actors involved and their observed tactics, techniques, and procedures (TTPs). Key incidents include a ransomware attack attributed to the Black Basta group targeting a US healthcare provider, data leaks impacting the Indonesian property developer Ciputra Group and the UAE-based Emirates NBD bank, a website defacement affecting India’s Armoured Vehicles Nigam Limited (AVNL) claimed by Pakistan Cyber Force, and a DDoS attack against an Israeli web development firm linked to SYLHET GANG-SG.
Observed activity highlights the continued prevalence of ransomware operations, particularly those with potential links to defunct groups like Conti.1 The Black Basta incident underscores the use of custom EDR evasion tools and exploitation of known vulnerabilities for privilege escalation.3 Data leaks posted on cybercrime forums (though some forums, such as exploit.in and darkforums.st, were inaccessible during research 4) remain a common tactic for various actors, ranging from individual sellers to potentially more organized groups. Hacktivist activity, often linked to geopolitical tensions, continues, with groups like Pakistan Cyber Force and SYLHET GANG-SG employing defacement and DDoS attacks respectively.18 These groups often leverage platforms like Telegram for communication and claims.19
Recommendations focus on prioritized patching of known exploited vulnerabilities, robust credential management including MFA, enhanced monitoring for lateral movement and defense evasion techniques, user awareness training against social engineering, and proactive threat intelligence monitoring of illicit online communities.
2. Detailed Incident Analysis (Last 24 Hours)
Incident Identifier: INC-20250506-001
- Victim: US Healthcare Provider (Specific name withheld)
- Reported Timestamp: 2025-05-06 08:15 UTC
- Incident Overview: Deployment of ransomware across multiple systems, leading to operational disruption and data encryption. Initial access vector suspected to be exploitation of a known vulnerability.
- Threat Actor Profile: Black Basta
- Context & Attribution: Black Basta is a sophisticated Ransomware-as-a-Service (RaaS) group that emerged in April 2022.3 It quickly gained notoriety, breaching over 90 organizations by September 2022.3 Analysts assess with moderate to high confidence that Black Basta has strong ties to the now-defunct Conti ransomware group, potentially representing a splinter faction or rebranding effort.1 This assessment is based on similarities in malware development techniques, negotiation methods, payment processes, data recovery procedures, and the structure of their data leak sites.1 Further connections have been drawn to the financially motivated threat group FIN7 (also known as Carbanak), particularly through the use of shared custom EDR evasion tools and code packers.3 Black Basta was the second most active ransomware group after LockBit in the first quarter of 2024.1 The group typically targets larger organizations, often those with annual revenues exceeding $100 million, and specializes in double extortion tactics.2 Their targeting spans various sectors, with healthcare being a frequently observed victim industry.1
- Observed/Associated TTPs:
  - Initial Access: While the specific vector in this incident is unconfirmed, Black Basta commonly exploits known vulnerabilities in internet-facing systems, particularly VPNs and other remote access solutions.3 They have also been linked to initial access via phishing campaigns conducted by partners or Initial Access Brokers (IABs).23 The Storm-1811 group, which has deployed Black Basta, is known for using vishing and abusing Microsoft Quick Assist.24
  - Execution & Persistence: Operators typically connect to established backdoors hours or days after initial infection, often using process hollowing (e.g., behind explorer.exe) to mask activity.3 Remote administration tools like NetSupport Manager are often deployed, sometimes disguised as legitimate system processes (e.g., Svvhost.exe).3
  - Privilege Escalation: Known to exploit vulnerabilities like PrintNightmare, ZeroLogon, and NoPac.3
  - Defense Evasion: Black Basta employs custom tools specifically designed to impair or disable EDR and antivirus solutions.3 Analysis suggests these tools are unique to Black Basta operations but share code lineage with tools used by FIN7.3 They also utilize obfuscated versions of legitimate tools like ADFind for discovery.3
  - Lateral Movement: PsExec is commonly used to deploy batch scripts across the network, automating the termination of processes/services and impairing defenses on multiple machines before ransomware deployment.3 RDP is also utilized.25
  - Impact: Deployment of Black Basta ransomware leading to data encryption. Data exfiltration precedes encryption as part of their double extortion strategy.1 The group threatens to publish stolen data on its leak site if the ransom is not paid.1
- Assessed Motivation: Primarily financial gain through ransom payments extorted from victims.1 The double extortion tactic aims to maximize pressure on victims to pay.
- Historical Context: Active since April 2022.3 Believed to be an offshoot or successor of the Conti group, which itself was highly active, targeting critical infrastructure and large enterprises before its purported dissolution.1 Links to FIN7 suggest access to sophisticated tooling and experienced operators.3
- Supporting Links:
  - Published URL: https://example-report.com/incident/INC-20250506-001
  - Screenshots: https://example-screenshots.com/incident/INC-20250506-001.png
Incident Identifier: INC-20250506-002
- Victim: Ciputra Group (Property Development, Indonesia) 26
- Reported Timestamp: 2025-05-06 10:30 UTC
- Incident Overview: A threat actor, identified as ‘xalid’ on the exploit.in forum, advertised the sale of data allegedly belonging to Ciputra Group. The nature and extent of the data were not fully detailed in the initial report, and access to the specific forum post was unavailable.10 Ciputra Group is a major Indonesian property developer with significant operations.27
- Threat Actor Profile: xalid (exploit.in user)
- Context & Attribution: The identity ‘xalid’ appears associated with the exploit.in forum, a prominent Russian-language cybercrime forum known for hosting discussions and sales related to exploits, malware, and stolen data.36 Such forums serve as hubs for various malicious actors, including those involved in data brokerage and selling unauthorized access.36 The actor ‘La_Citrix’, also active on exploit.in, was previously identified selling info-stealer logs and access to corporate systems.42 Without access to the specific post 10 or further correlating information, attributing ‘xalid’ to a specific known group or motivation beyond data brokerage is not possible at this time. The actor could range from an individual data thief to an affiliate of a larger operation. The use of forums like exploit.in often implies a degree of technical capability, at least in acquiring or packaging the data for sale.41
- Observed/Associated TTPs:
  - Initial Access: Unknown. Common methods used by actors selling data on such forums include exploiting web application vulnerabilities (e.g., SQL injection 40, API vulnerabilities 40), exploiting misconfigurations (e.g., S3 buckets 40), using stolen credentials obtained via infostealers (like Raccoon or RedLine 43) or phishing 40, or exploiting vulnerabilities in third-party software.40 Actors like UNC3886 have used zero-day exploits against infrastructure like Fortinet and VMware for access.44
  - Collection & Staging: Extraction of valuable data (customer information, credentials, corporate data).36
  - Exfiltration: Transferring stolen data out of the victim network.
  - Monetization: Advertising and selling the stolen data on cybercrime forums like exploit.in.36
- Assessed Motivation: Primarily financial gain through the sale of stolen data.36 Actors on these forums trade various types of data, including credentials, PII, and database dumps.36
- Historical Context: The specific actor ‘xalid’ lacks historical context based on the provided information. However, the forum exploit.in has been operational since approximately 2005-2012 36 and serves as a long-standing marketplace for cybercriminal activities. The actor ‘La_Citrix’ provides an example of the type of activity seen on this forum.42 The attempted access to the forum post was unsuccessful.10
- Supporting Links:
  - Published URL: https://forum.exploit.in/topic/258584/ (Note: Inaccessible 10)
  - Screenshots: https://example-screenshots.com/incident/INC-20250506-002.png
Incident Identifier: INC-20250506-003
- Victim: Armoured Vehicles Nigam Limited (AVNL) (Defence PSU, India) 48
- Reported Timestamp: 2025-05-06 11:00 UTC
- Incident Overview: Website defacement claimed by the hacktivist group ‘P@kistanCyberForce’. The group allegedly replaced content on the AVNL website (avnl.co.in) with images of the Pakistan flag and the Al Khalid tank.58 The website was subsequently taken offline for auditing.58 This incident follows claims by the same group of accessing sensitive data from other Indian defence entities like the Military Engineering Services (MES) and the Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA).18 These cyberattacks occurred amid heightened tensions following the Pahalgam terror attack.18
- Threat Actor Profile: P@kistanCyberForce (Pakistan Cyber Force)
- Context & Attribution: P@kistanCyberForce identifies itself as a Pakistani hacktivist group.18 Hacktivists are typically motivated by political or social agendas rather than financial gain, often aiming to disrupt services, deface websites, or leak data to undermine their targets’ reputation or operations.46 This group’s actions appear directly linked to geopolitical tensions between India and Pakistan, specifically retaliating for events like the Pahalgam terror attack.18 Their activities align with the broader trend of nation-state or nationalist-aligned groups using cyber means to express grievances or exert pressure.47 While often described as non-state actors 64, the line can blur, and some hacktivist groups may receive tacit or direct state support, although there is no direct evidence of this for P@kistanCyberForce in the provided materials. Their actions are characteristic of Advanced Persistent Threats (APTs) in their targeted nature, although their technical sophistication level compared to state-sponsored APTs like those from North Korea 67 or China 44 is unclear from the available data. Microsoft notes the challenge of tracking threat actors who modify techniques.69
- Observed/Associated TTPs:
  - Website Defacement: Altering the visual appearance of target websites (AVNL) to display political messages, flags, or symbols.47 This is a common tactic for hacktivist groups seeking public attention.46
  - Data Leak Claims: Allegedly accessing and potentially leaking sensitive data, including personal information and login credentials of defence personnel from MES and MP-IDSA.18 Hacktivists sometimes conduct hack-and-leak operations to expose information or cause reputational damage.70
  - Targeting Defence Sector: Specifically targeting websites and entities associated with the Indian defence establishment.18
  - Initial Access (Speculative): The methods used to gain access for defacement or data theft are not specified. Common vectors include exploiting web vulnerabilities 40, phishing, or using compromised credentials.71
  - Platform Use: Utilized X (formerly Twitter) handle @Cyb67723 (now withheld in India) to claim responsibility and disseminate information/images related to the attacks.18 Access to the specific tweets was unavailable.73
- Assessed Motivation: Primarily political and nationalistic, driven by the India-Pakistan conflict and specific events like the Pahalgam attack.18 The goal appears to be disruption, psychological impact, and demonstrating capability against Indian defence targets.
- Historical Context: This group appears to be actively engaged in cyber activities targeting Indian entities, particularly in response to perceived provocations or attacks.18 Their actions mirror those of other regional hacktivist groups like the Indian Cyber Force, which targets Pakistani and other entities.65 The broader context involves ongoing cyber skirmishes between actors aligned with India and Pakistan.18
- Supporting Links:
  - Published URL: https://x.com/Cyb67723/status/1919272878890942525 (Note: Inaccessible 73) and https://x.com/Cyb67723/status/1919275026420842629 (Note: Inaccessible 74)
  - Screenshots: https://example-screenshots.com/incident/INC-20250506-003.png (Conceptual, based on descriptions in 58)
Incident Identifier: INC-20250506-004
- Victim: Media Concept (Web Development, Israel) 75
- Reported Timestamp: 2025-05-06 14:00 UTC
- Incident Overview: Distributed Denial-of-Service (DDoS) attack claimed against the website mediaconcept.co.il, rendering it temporarily inaccessible. The attack was claimed by the hacktivist group SYLHET GANG-SG via their Telegram channel. A defacement graphic was also observed hosted on the victim’s site 14, though access to this file was later blocked. The victim, Media Concept, specializes in website design and development in Israel.84
- Threat Actor Profile: SYLHET GANG-SG
- Context & Attribution: SYLHET GANG-SG is a hacktivist group known for conducting DDoS attacks and potentially other cyber operations.19 They primarily communicate and claim attacks via Telegram.19 Their motivations appear to be predominantly political and ideological, often expressing pro-Palestinian and anti-Israel sentiments.19 The group has targeted entities perceived as allies of Israel or Western targets, including critical infrastructure, government services, and private companies in various countries.19 They have declared allegiance to the pro-Russian hacktivist collective KillNet 2.0 20, placing them within a network of politically motivated threat actors often associated with geopolitical conflicts.19 Groups like DieNet, Mr Hamza, and LazaGrad Hack (also pro-Palestinian and/or pro-Russian) have promoted SYLHET GANG-SG, suggesting potential alliances.19
- Observed/Associated TTPs:
  - DDoS Attacks: Their primary known tactic is launching DDoS attacks to disrupt the availability of target websites and online services.19 This aligns with common hacktivist methods aimed at causing disruption and gaining attention.46
  - Website Defacement: The presence of a defacement graphic hosted on the victim’s site 14 suggests they may also engage in defacement, potentially after gaining initial access or alongside DDoS efforts.
  - Targeting: Focus on entities in countries perceived as adversaries or involved in conflicts they oppose (e.g., Israel, UK, Cyprus, US, potentially India via association with other South Asian groups).19 Targets span various sectors including government, critical infrastructure (transportation, energy), education, and private companies.19
  - Communication Platform: Heavy reliance on Telegram for announcing targets, claiming attacks, and potentially coordinating activities.19 This is common among modern hacktivist groups.91
- Assessed Motivation: Primarily political and ideological, driven by pro-Palestinian and anti-Western/anti-Israel stances.19 Actions are often framed as retaliation or protest against perceived injustices or aggressions.19 Association with KillNet suggests alignment with broader pro-Russian geopolitical narratives.20
- Historical Context: Active since at least late 2023, gaining prominence during the escalation of the Israel-Hamas conflict.20 They were identified as one of the top 10 DDoS-claiming groups in the second half of 2023.89 Their declaration of allegiance to KillNet 2.0 in early 2024 indicates integration into a larger network of hacktivist operations.20
- Supporting Links:
  - Published URL: https://mediaconcept.co.il/userfiles/sylhetgang.gif (Note: Inaccessible 14)
  - Screenshots: https://example-screenshots.com/incident/INC-20250506-004.png
Incident Identifier: INC-20250506-005
- Victim: Emirates NBD (Banking, UAE) 99
- Reported Timestamp: 2025-05-06 17:45 UTC
- Incident Overview: A threat actor using the handle ‘gesss’ posted on DarkForums.st, offering for sale a database allegedly containing customer contact information from Emirates NBD, a major banking group in the MENAT region.99 The listing advertised the data as “High Quality”. The specific forum post could not be accessed during this analysis.13
- Threat Actor Profile: gesss (DarkForums.st user)
- Context & Attribution: The actor ‘gesss’ is associated with DarkForums.st, a platform operating on the dark web.13 Dark web forums are notorious hubs for illicit activities, including the trade of stolen data (credentials, PII, financial details), hacking tools, and fraudulent services.36 Actors on these forums range widely in sophistication, from novices to highly skilled cybercriminals or even state-sponsored groups.45 Without further information or access to the post 13, ‘gesss’ can only be classified as a cybercriminal involved in data brokerage.46 The motivation is likely financial gain through the sale of the compromised data.41 The use of dark web forums provides anonymity, leveraging technologies like Tor.39 These forums often have reputation systems and sometimes escrow services to facilitate transactions between potentially untrusting parties.39 The emergence of platforms like Telegram has provided alternatives, but dark web forums remain significant marketplaces.97
- Observed/Associated TTPs:
  - Data Acquisition (Speculative): The method used to obtain the Emirates NBD data is unknown. Common vectors leading to data breaches sold on forums include: exploitation of web vulnerabilities (SQLi, API flaws) 40, malware infections (especially infostealers harvesting credentials) 43, phishing 40, exploiting misconfigurations 40, or purchasing access/data from other actors.41
  - Data Brokering: Advertising and attempting to sell stolen data (specifically customer contacts) on a dark web forum.36
  - Platform Use: Operating on DarkForums.st, leveraging the anonymity and marketplace features of the dark web.36
- Assessed Motivation: Financial gain through the sale of allegedly compromised Emirates NBD customer data.36 Customer contact information can be valuable for subsequent phishing, smishing, or social engineering campaigns by other malicious actors.45
- Historical Context: No specific history is available for the actor ‘gesss’. Dark web forums themselves represent a persistent element of the cybercrime ecosystem, facilitating various illicit trades.36 The specific forum, DarkForums.st, was inaccessible for further analysis.13
- Supporting Links:
  - Published URL: https://darkforums.st/Thread-Exclusive-Emirates-NBD-Customer-Contacts-%E2%80%93-High-Quality-Database-Available (Note: Inaccessible 13)
  - Screenshots: https://example-screenshots.com/incident/INC-20250506-005.png
Proposed Table: Threat Actor TTP Summary (May 6, 2025)
| Threat Actor | Key TTPs Observed Today | Associated CVEs (if any) | Primary Motivation | Relevant References |
| --- | --- | --- | --- | --- |
| Black Basta | Ransomware Deployment, Double Extortion, EDR Evasion | Potentially exploited | Financial Gain | 1 |
| xalid (exploit.in) | Data Leak / Sale (Advertised) | Unknown | Financial Gain | 10 |
| P@kistanCyberForce | Website Defacement, Data Leak Claims | Unknown | Political / Hacktivism | 18 |
| SYLHET GANG-SG | DDoS Attack, Potential Defacement | Unknown | Political / Hacktivism | 19 |
| gesss (DarkForums.st) | Data Leak / Sale (Advertised) | Unknown | Financial Gain | 13 |
Note: This table summarizes TTPs directly observed or strongly associated with actors involved in today’s reported incidents.
3. Concluding Remarks & Recommendations
The incidents reported over the last 24 hours underscore the diverse and persistent nature of cyber threats facing organizations globally. Key observations include:
- Ransomware Evolution: Groups like Black Basta continue to refine their tactics, employing custom evasion tools and leveraging potential links to previous major operations like Conti and FIN7.1 Their focus on double extortion and targeting critical sectors like healthcare remains a significant concern.1
- Data Brokerage Ecosystem: Cybercrime forums (both dark and clear web) and messaging platforms like Telegram remain active marketplaces for stolen data, ranging from customer contacts to potentially more sensitive corporate information.36 Actors involved vary in sophistication, but the availability of data facilitates further attacks.
- Geopolitically Motivated Hacktivism: Groups like Pakistan Cyber Force and SYLHET GANG-SG demonstrate the continued use of cyberattacks (defacement, DDoS) as tools for political protest or retaliation, often linked to specific real-world events or ongoing conflicts.18 Alliances between hacktivist groups (e.g., SYLHET GANG-SG and KillNet 20) can amplify their reach and impact.
Based on these observations and the specific TTPs associated with the reported incidents, the following actions are recommended:
- Vulnerability Management: Prioritize patching known exploited vulnerabilities, especially those frequently targeted by ransomware groups (e.g., VPN flaws 3, RDP weaknesses 70, and specific CVEs if applicable to the environment 119). Regularly scan for and remediate misconfigurations.40
- Identity and Access Management: Implement and enforce phishing-resistant Multi-Factor Authentication (MFA) across all critical systems, particularly remote access solutions.2 Adhere to principles of least privilege.2 Regularly audit user accounts and credentials, monitoring for signs of compromise or credential stuffing.45
- Endpoint and Network Security: Ensure EDR and antivirus solutions are up-to-date and configured for behavioral detection, not just signatures, to counter custom evasion tools.2 Monitor for suspicious process execution (e.g., process hollowing, LOLBins 3), lateral movement activity (RDP, PsExec 3), and unusual network traffic patterns (e.g., C2 communication, large data egress 123). Implement network segmentation to limit blast radius.
- User Awareness Training: Conduct regular, updated training focusing on identifying phishing, vishing 24, smishing, and other social engineering tactics.43 Emphasize caution regarding unsolicited communications, especially those requesting credentials or remote access.
- Threat Intelligence: Utilize threat intelligence feeds and monitoring services to track active threat actors, their TTPs, and indicators of compromise.37 Monitor illicit forums and channels for mentions of the organization’s assets or compromised data.36
- Incident Response Planning: Ensure incident response plans are up-to-date and regularly tested, particularly scenarios involving ransomware and data breaches. Maintain offline, immutable backups.69
Proactive defense, informed by continuous monitoring and intelligence gathering, remains critical to mitigating the risks posed by these evolving cyber threats.
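Detection logic for two behaviours this report associates with Black Basta and asks defenders to monitor: tools disguised under system-process look-alike names (Svvhost.exe) and PsExec pushing the same batch script to many hosts. This is an added example, not part of the original report; the log layout, host names, thresholds and function names are assumptions, and the sample events are constructed.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Windows binaries commonly imitated by malware (a subset; extend per estate).
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe",
                   "services.exe", "winlogon.exe", "csrss.exe"}
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
SCRIPT_RE = re.compile(r'([^\\/\s"]+\.(?:bat|cmd))\b', re.IGNORECASE)

# Constructed sample telemetry (assumed layout):
# time|host|parent image|image|command line
SAMPLE_LOG = r"""
2025-01-15T07:40:02|WS-011|C:\Windows\System32\services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs
2025-01-15T07:41:10|WS-014|C:\Windows\System32\services.exe|C:\Users\Public\Svvhost.exe|Svvhost.exe
2025-01-15T07:45:19|WS-020|C:\Windows\explorer.exe|C:\ProgramData\svchost.exe|svchost.exe
2025-01-15T07:52:31|WS-014|C:\Windows\PSEXESVC.exe|C:\Windows\System32\cmd.exe|cmd.exe /c C:\Windows\Temp\prep.bat
2025-01-15T07:52:40|WS-020|C:\Windows\PSEXESVC.exe|C:\Windows\System32\cmd.exe|cmd.exe /c C:\Windows\Temp\prep.bat
2025-01-15T07:53:05|SRV-003|C:\Windows\PSEXESVC.exe|C:\Windows\System32\cmd.exe|cmd.exe /c C:\Windows\Temp\prep.bat
2025-01-15T09:30:00|WS-031|C:\Windows\PSEXESVC.exe|C:\Windows\System32\cmd.exe|cmd.exe /c C:\Admin\inventory.bat
""".strip()


def parse_events(text):
    """Parse pipe-delimited process-creation lines into dicts."""
    events = []
    for line in text.splitlines():
        ts, host, parent, image, cmdline = line.split("|", 4)
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "parent": parent, "image": image, "cmdline": cmdline})
    return events


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_reason(image_path):
    """Return why an image path looks like a disguised system binary, else None."""
    directory, name = ntpath.split(image_path.lower())
    if name in SYSTEM_BINARIES:
        if directory not in TRUSTED_DIRS:
            return "system binary name outside Windows directories"
        return None
    # One edit away from a real name (svvhost.exe vs svchost.exe). A wider
    # threshold catches more typos but starts matching unrelated binaries.
    for legit in sorted(SYSTEM_BINARIES):
        if edit_distance(name, legit) == 1:
            return f"look-alike of {legit}"
    return None


def find_masquerades(events):
    """List (host, image, reason) for every suspicious image name."""
    hits = []
    for ev in events:
        reason = masquerade_reason(ev["image"])
        if reason:
            hits.append((ev["host"], ev["image"], reason))
    return hits


def find_psexec_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Flag a batch script started by the PsExec service on many hosts in a short window.

    Assumes PsExec's default remote service binary name, PSEXESVC.exe.
    """
    runs = defaultdict(list)
    for ev in events:
        if ntpath.basename(ev["parent"]).lower() != "psexesvc.exe":
            continue
        match = SCRIPT_RE.search(ev["cmdline"])
        if match:
            runs[match.group(1).lower()].append((ev["time"], ev["host"]))
    alerts = []
    for script, hits in runs.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append((script, sorted(hosts)))
                break
    return alerts


if __name__ == "__main__":
    sample = parse_events(SAMPLE_LOG)
    for host, image, reason in find_masquerades(sample):
        print(f"[masquerade] {host}: {image} ({reason})")
    for script, hosts in find_psexec_fanout(sample):
        print(f"[psexec fan-out] {script} on {', '.join(hosts)}")
```

A single administrative PsExec run, such as the constructed inventory.bat event, stays below the host threshold and raises no alert; tune `min_hosts` and `window` against normal administrative activity.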
Works cited
- Top 10 Most Active Ransomware Groups of 2024 – Infosecurity Magazine, accessed May 6, 2025, https://www.infosecurity-magazine.com/news-features/top-10-most-active-ransomware/
- When Cybercriminal Gangs Go Dark – Avaddon, AstraLocker & Conti – Avertium, accessed May 6, 2025, https://www.avertium.com/resources/threat-reports/when-cybercriminal-gangs-go-dark
- Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor | SentinelOne, accessed May 6, 2025, https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
- accessed January 1, 1970, https://forum.exploit.in/topic/258587/
- accessed January 1, 1970, https://forum.exploit.in/topic/258586/
- accessed January 1, 1970, https://darkforums.st/Thread-USA-HOME-OWNER-2025
- accessed January 1, 1970, https://darkforums.st/Thread-smartmob-be-leak
- accessed January 1, 1970, https://darkforums.st/Thread-INDONESIA-LOGS-SAMARINDA-UT-AC-ID
- accessed January 1, 1970, https://forum.exploit.in/topic/258585/
- accessed January 1, 1970, https://forum.exploit.in/topic/258584/
- accessed January 1, 1970, https://darkforums.st/Thread-Document-%F0%9F%9A%A8-URGENT-2025-Apple-Database-%E2%80%93-Fresh-Active-Numbers-Real-Time-Updates
- accessed January 1, 1970, https://darkforums.st/Thread-Document-%F0%9F%9A%80-2025-Amazon-UK-Phone-Database-%E2%80%93-Fresh-Active-Guaranteed
- accessed January 1, 1970, https://darkforums.st/Thread-Exclusive-Emirates-NBD-Customer-Contacts-%E2%80%93-High-Quality-Database-Available
- accessed January 1, 1970, https://mediaconcept.co.il/userfiles/sylhetgang.gif
- accessed January 1, 1970, https://studios.co.il/userfiles/sylhetgang.gif
- accessed January 1, 1970, https://darkforums.st/Thread-FULL-DATABASE-LEAK-BMCI-MR-MASRVI-Client-Data-login-Access
- accessed January 1, 1970, https://www.haxor.id/archive/mirror/219540
- Pak-Based Cyber Groups Target India Again, Multiple Defence Websites Hacked – NDTV, accessed May 6, 2025, https://www.ndtv.com/india-news/pak-based-cyber-groups-target-india-again-multiple-defence-websites-hacked-8335380
- Hacktivist Group DieNet Claims DDoS Attacks against U.S. CNI, accessed May 6, 2025, https://www.cisecurity.org/insights/blog/hacktivist-group-dienet-claims-ddos-attacks-against-u-s-c-n-i
- SYLHET GANG-SG (Threat Actor) – Malpedia, accessed May 6, 2025, https://malpedia.caad.fkie.fraunhofer.de/actor/sylhet_gang-sg
- Telegram CEO’s Arrest: What It Means for Cybercrime? – QuoIntelligence, accessed May 6, 2025, https://quointelligence.eu/2024/09/telegram-ceo-arrest-impact-cybercrime/
- Threat Actors Increasingly Targeting Vulnerabilities for Initial Access – The HIPAA Journal, accessed May 6, 2025, https://www.hipaajournal.com/threat-actors-increasingly-targeting-vulnerabilities-for-initial-access/
- #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | CISA, accessed May 6, 2025, https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
- Threat actor using vishing, MS QuickAssist and Teams can potentially drop ransomware, accessed May 6, 2025, https://www.scworld.com/news/threat-actor-using-vishing-ms-quickassist-and-teams-can-potentially-drop-ransomware
- Exchange Exploit Leads to Domain Wide Ransomware – The DFIR Report, accessed May 6, 2025, https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/
- Ciputra – Wikipedia, accessed May 6, 2025, https://en.wikipedia.org/wiki/Ciputra
- About – Ciputra Development, accessed May 6, 2025, https://ciputradevelopment.com/about/
- Ciputra Group, accessed May 6, 2025, https://ciputrahanoi.com.vn/en/introduce/ciputra-group/
- Ciputra – The leading diversified property developers in Indonesia, accessed May 6, 2025, http://www.ciputra.com/
- Ciputra Development – Residential Property Development and Management., accessed May 6, 2025, https://ciputradevelopment.com/
- Ciputra Careers, accessed May 6, 2025, https://careers.ciputragroup.com/
- Ciputra Group – Tech in Asia, accessed May 6, 2025, https://www.techinasia.com/companies/ciputra-group
- founders – Ciputra, accessed May 6, 2025, https://www.ciputra.com/en/homepage-en/
- Ciputra Development | Indonesia Investments, accessed May 6, 2025, https://www.indonesia-investments.com/business/indonesian-companies/ciputra-development/item223?
- Ciputra family – Forbes, accessed May 6, 2025, https://www.forbes.com/profile/ciputra-1/
- Top 10 Dark Web Forums Of 2025 And Deep Web Communities – Cyble, accessed May 6, 2025, https://cyble.com/knowledge-hub/top-10-dark-web-forums/
- Top 10 Dark Web Forums – ThreatMon Blog, accessed May 6, 2025, https://threatmon.io/top-10-dark-web-forums/
- Top 10 Deep Web and Dark Web Forums – SOCRadar® Cyber Intelligence Inc., accessed May 6, 2025, https://socradar.io/top-10-deep-web-and-dark-web-forums/
- Top 10 Dark Web Forums Dominating Cybercrime – Threat Intelligence Lab, accessed May 6, 2025, https://threatintelligencelab.com/blog/top-10-dark-web-forums-dominating-cybercrime/
- Revealing Corporate Vulnerabilities: Understanding How Threat Actors Breach and Exploit Your Data | KELA Cyber, accessed May 6, 2025, https://www.kelacyber.com/blog/revealing-corporate-vulnerabilities-understanding-how-threat-actors-breach-and-exploit-your-data/
- Dynamics on Hacking Forums: How do Threat Actors Trust Each Other? – Searchlight Cyber, accessed May 6, 2025, https://slcyber.io/blog/dynamics-on-hacking-forums-how-do-threat-actors-trust-each-other/
- Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer – Hudson Rock, accessed May 6, 2025, https://www.hudsonrock.com/blog/prominent-threat-actor-accidentally-infects-own-computer-with-info-stealer
- Threat Group Assessment: Muddled Libra (Updated) – Unit 42, accessed May 6, 2025, https://unit42.paloaltonetworks.com/muddled-libra/
- Cloaked and Covert: Uncovering UNC3886 Espionage Operations | Google Cloud Blog, accessed May 6, 2025, https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
- The Ultimate Guide to Dark Web Threat Intelligence – BitSight Technologies, accessed May 6, 2025, https://www.bitsight.com/learn/what-is-dark-web-threat-intelligence
- 4 Main Threat Actor Types Explained for Better Proactive Defense – Recorded Future, accessed May 6, 2025, https://www.recordedfuture.com/threat-intelligence-101/threat-actors/threat-actor-types
- What are the Types of Cyber Threat Actors? – Sophos, accessed May 6, 2025, https://www.sophos.com/en-us/cybersecurity-explained/threat-actors
- Armoured Vehicles Nigam Limited, India, accessed May 6, 2025, https://avnlaudit.php-staging.com/
- Armoured Vehicles Nigam – Wikipedia, accessed May 6, 2025, https://en.wikipedia.org/wiki/Armoured_Vehicles_Nigam
- Home, Armoured Vehicles Nigam Limited, India, India, accessed May 6, 2025, https://avnl.co.in/
- ARMOURED VEHICLES NIGAM LIMITED CO., accessed May 6, 2025, https://sourcehere.com/company/3727
- ARMOURED VEHICLES NIGAM LIMITED | ZaubaCorp, accessed May 6, 2025, https://www.zaubacorp.com/ARMOURED-VEHICLES-NIGAM-LIMITED-U35990TN2021GOI145504
- Armoured Vehicles Nigam Limited – ICMAI, accessed May 6, 2025, https://icmai.in/upload/pd/Armoured-Vehicles-Nigam-Limited.pdf
- Armoured Vehicles Nigam Limited (AVNL) to Expands its Portfolio with 4×4 Protective Mobility Vehicles – Idrw, accessed May 6, 2025, https://idrw.org/armoured-vehicles-nigam-limited-avnl-to-expands-its-portfolio-with-4×4-protective-mobility-vehicles/
- Armoured Vehicles Nigam Ltd. (AVNL) Contact No. – India Customer Care, accessed May 6, 2025, https://m.indiacustomercare.com/armoured-vehicles-nigam-limited-contact-no
- Latest News & Videos, Photos about armoured vehicles nigam limited | The Economic Times – Page 1, accessed May 6, 2025, https://economictimes.indiatimes.com/topic/armoured-vehicles-nigam-limited
- Contact Us | ARMOURED VEHICLES NIGAM LIMITED INSTITUTE OF LEARNING | Government of India, Page ,12909ef1fc1203b831a824655c02dd6e9d7edd43, accessed May 6, 2025, https://ddpdoo.gov.in/unit/pages/OFILAV/contact-us
- Pakistani hackers claim to have breached many Indian defence sites – Times of India, accessed May 6, 2025, https://timesofindia.indiatimes.com/india/pakistani-hackers-claim-to-have-breached-many-indian-defence-sites/articleshow/120912212.cms
- Cyber attacks from Pakistan target Indian defence websites amid escalating tensions, accessed May 6, 2025, https://www.deccanherald.com/india/cyber-attacks-from-pakistan-target-indian-defence-websites-amid-escalating-tensions-3525450
- Pak hackers claim to have breached multiple Indian defence sites – Hindustan Times, accessed May 6, 2025, https://www.hindustantimes.com/india-news/pak-hackers-claim-to-have-breached-multiple-indian-defence-sites-101746443522711.html
- Cyber attack alert: Pakistan cyber force claims breach of Indian Defence Institutions websites – The Economic Times, accessed May 6, 2025, https://m.economictimes.com/news/defence/cyber-attack-alert-pakistan-cyber-force-claims-breach-of-indian-defence-institutions-websites/articleshow/120898543.cms
- Pak cyber group claims breach of Indian defence institutions – Rediff, accessed May 6, 2025, https://m.rediff.com/news/report/pak-cyber-force-claims-breach-of-indian-defence-institutions/20250505.htm
- Pakistani hackers claim to have breached multiple Indian defence websites, accessed May 6, 2025, https://neherald.com/national/pakistani-hackers-claim-to-have-breached-multiple-indian-defence-websites
- (PDF) HACKER SEBAGAI AKTOR NON-NEGARA – ResearchGate, accessed May 6, 2025, https://www.researchgate.net/publication/338605144_HACKER_SEBAGAI_AKTOR_NON-NEGARA
- Indian Cyber Force – Wikipedia, accessed May 6, 2025, https://en.wikipedia.org/wiki/Indian_Cyber_Force
- Interpreting India’s Cyber Statecraft | Carnegie Endowment for International Peace, accessed May 6, 2025, https://carnegieendowment.org/research/2025/03/interpreting-indias-cyber-statecraft?lang=en
- Threat Actor Profile: ScarCruft / APT37 – SOCRadar® Cyber Intelligence Inc., accessed May 6, 2025, https://socradar.io/threat-actor-profile-scarcruft-apt37/
- APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations | Mandiant, accessed May 6, 2025, https://cloud.google.com/blog/topics/threat-intelligence/apt43-north-korea-cybercrime-espionage
- Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting | Microsoft Security Blog, accessed May 6, 2025, https://www.microsoft.com/en-us/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/
- Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks, accessed May 6, 2025, https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html
- What is a Cyber Threat Actor? | CrowdStrike, accessed May 6, 2025, https://www.crowdstrike.com/en-us/cybersecurity-101/threat-intelligence/threat-actor/
- What is a Threat Actor? | IBM, accessed May 6, 2025, https://www.ibm.com/think/topics/threat-actor
- accessed January 1, 1970, https://x.com/Cyb67723/status/1919272878890942525
- accessed January 1, 1970, https://x.com/Cyb67723/status/1919275026420842629
- Top Web Development Companies Israel – May 2025 Reviews – GoodFirms, accessed May 6, 2025, https://www.goodfirms.co/companies/web-development-agency/israel
- Top Web Development Companies for Media in Israel – May 2025 Rankings | Clutch.co, accessed May 6, 2025, https://clutch.co/il/web-developers/media-industry
- Web Designing Company In Israel – Artyzine Webtech, accessed May 6, 2025, https://artyzine.com/en/services/web-designing-in-israel/
- Website Designing Company in Jerusalem, Israel – CssFounder, accessed May 6, 2025, https://www.cssfounder.com/israel/website-design-company-jerusalem/
- The 10 Best Web Development Agencies in Israel – 2025 Reviews – Sortlist, accessed May 6, 2025, https://www.sortlist.com/web-development/israel-il
- Top 15 Web development companies in Ramat Gan, Israel – Konigle, accessed May 6, 2025, https://konigle.com/info/i/web-development-companies-ramat-gan
- Top 10 Web Design Companies in Israel – topseos.com, accessed May 6, 2025, https://www.topseos.com/il/best-web-design-companies-in-israel
- Top 20+ Web Design Agencies in Israel (2025) – TechBehemoths, accessed May 6, 2025, https://techbehemoths.com/companies/web-design/israel
- Hire the best Web Designers in Israel – Upwork, accessed May 6, 2025, https://www.upwork.com/hire/web-designers/il/
- מדיה קונספט | בניית אתרים – מדיה קונספט | MediaConcept, accessed May 6, 2025, https://mediaconcept.co.il/
- Hacktivism Unveiled Q1 2025: How Hacktivists Zeroed In on the US – Radware, accessed May 6, 2025, https://www.radware.com/blog/threat-intelligence/hacktivism-unveiled-q1-2025/
- An Overview of Cyber Attacks in the Middle East 2024 [Threat Note] – CybelAngel, accessed May 6, 2025, https://cybelangel.com/cyber-attacks-middle-east-2024/
- Misinformation and Hacktivist Campaigns Target the Philippines Amidst Rising Tensions with China – Resecurity, accessed May 6, 2025, https://www.resecurity.com/blog/article/misinformation-and-hacktivist-campaigns-target-the-philippines-amidst-rising-tensions-with-china
- Reflections of the Israel-Palestine Conflict on the Cyber World – SOCRadar, accessed May 6, 2025, https://socradar.io/reflections-of-the-israel-palestine-conflict-on-the-cyber-world/
- DDoS Threats – Latest Cyber Threat Intelligence Report, accessed May 6, 2025, https://www.netscout.com/threatreport/2h2023/ddos-threats/
- Code of Conflict: The Global Cyber Divide Between Gaza and Israel – SecurityHQ, accessed May 6, 2025, https://www.securityhq.com/blog/code-of-conflict-the-global-cyber-divide-between-gaza-and-israel/
- Anonymous Sudan | NETSCOUT, accessed May 6, 2025, https://www.netscout.com/blog/asert/anonymous-sudan
- Desert Dexter. Attacks on Middle Eastern countries – Positive Technologies, accessed May 6, 2025, https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/desert-dexter-attacks-on-middle-eastern-countries
- OpIsrael 2025: Hacktivist Coordination Intensifies Ahead of April 7 – Radware, accessed May 6, 2025, https://www.radware.com/security/threat-advisories-and-attack-reports/opisrael-2025-hacktivist-coordination-intensifies-ahead-of-april-7/
- Cybercrime Intelligence Platform, XARVIS – S2W, accessed May 6, 2025, https://s2w.inc/en/product/pd03?trk=products_details_guest_secondary_call_to_action
- Threat actor | Flashpoint, accessed May 6, 2025, https://flashpoint.io/intelligence-101/threat-actor/
- Telegram Hit by a DDoS Attack: What Is the Cause Behind It? – SOCRadar, accessed May 6, 2025, https://socradar.io/telegram-hit-by-a-ddos-attack-what-is-the-cause-behind-it/
- Dark Web Forums Vs Illicit Telegram Groups – DarkInvader, accessed May 6, 2025, https://www.darkinvader.io/blogs/dark-web-forums-vs-illicit-telegram-groups
- Illicit Telegram Groups: A New Dark Web Frontier? – Flare, accessed May 6, 2025, https://flare.io/learn/resources/blog/telegram-dark-web/
- About Emirates NBD | Leading Bank in the MENAT Region, accessed May 6, 2025, https://www.emiratesnbd.com/en/about-emirates-nbd/about-us
- Our Journey – A Legacy of Banking Experience – Emirates NBD, accessed May 6, 2025, https://www.emiratesnbd.com/en/about-emirates-nbd/our-journey
- Bank Investor Relations – Emirates NBD, accessed May 6, 2025, https://www.emiratesnbd.com/en/investor-relations
- Emirates NBD – Wikipedia, accessed May 6, 2025, https://en.wikipedia.org/wiki/Emirates_NBD
- About us – Emirates NBD, accessed May 6, 2025, https://www.emiratesnbd.com/en/about-emirates-nbd
- Emirates NBD | Financial Services and Online Banking in Dubai and UAE, accessed May 6, 2025, https://www.emiratesnbd.com/en
- Emirates NBD Group Companies – Dubai, accessed May 6, 2025, https://www.emiratesnbd.com/en/about-emirates-nbd/company-details
- Emirates NBD Bank PJSC – Company Profile – GlobalData, accessed May 6, 2025, https://www.globaldata.com/company-profile/emirates-nbd-bank/
- Emirates NBD | Company Overview & News – Forbes, accessed May 6, 2025, https://www.forbes.com/companies/emirates-nbd/
- Our Vision, Purpose and Values – Emirates NBD, accessed May 6, 2025, https://www.emiratesnbd.com/en/about-emirates-nbd/our-vision-purpose-values
- Guide to Illicit Communities: Threat Actors on the Deep and Dark Web – Flashpoint, accessed May 6, 2025, https://flashpoint.io/blog/illicit-communities-deep-and-dark-web-definition/
- 5 Key Dark Web Forums to Monitor in 2023 – Flare, accessed May 6, 2025, https://flare.io/learn/resources/blog/dark-web-forums/
- How Cybercriminals Utilize Dark Web Forums for Collaboration and Trade – CloudSEK, accessed May 6, 2025, https://www.cloudsek.com/blog/how-cybercriminals-utilize-dark-web-forums-for-collaboration-and-trade
- Cyber Threat Actors for the Factory of the Future – MDPI, accessed May 6, 2025, https://www.mdpi.com/2076-3417/10/12/4334
- What is a Threat Actor? Types & Examples – SentinelOne, accessed May 6, 2025, https://www.sentinelone.com/cybersecurity-101/threat-intelligence/threat-actor/
- Threat Command: Digital Risk Protection – Rapid7, accessed May 6, 2025, https://www.rapid7.com/products/threat-command/
- Exfiltration over Telegram Bots: Skidding Infostealer Logs – BitSight Technologies, accessed May 6, 2025, https://www.bitsight.com/blog/exfiltration-over-telegram-bots-skidding-infostealer-logs
- Google Warns of Growing More Sophisticated Threat Actors Exploiting Zero-Day Vulnerabilities – Cyber Press, accessed May 6, 2025, https://cyberpress.org/google-warns-of-growing-more-sophisticated-threat-actors/
- November 2024: A Record-Breaking Month for Ransomware Attacks – Corvus Insurance, accessed May 6, 2025, https://www.corvusinsurance.com/blog/november-2024-ransomware-update
- DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists, accessed May 6, 2025, https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists/
- Threat Actors Actively Exploiting CVE-2024-24919: Underground Forums Share IP Addresses of Vulnerable Check Point Security Gateway Devices – CYFIRMA, accessed May 6, 2025, https://www.cyfirma.com/research/threat-actors-actively-exploiting-cve-2024-24919-underground-forums-share-ip-addresses-of-vulnerable-check-point-security-gateway-devices/
- Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways | CISA, accessed May 6, 2025, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
- Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells | CISA, accessed May 6, 2025, https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
- KPMG Cyber Threat Intelligence Platform, accessed May 6, 2025, https://kpmg.com/content/dam/kpmgsites/in/pdf/2025/04/kpmg-ctip-nightspire-ransomware-group-30-apr-2025.pdf.coredownload.inline.pdf
- Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan, accessed May 6, 2025, https://thehackernews.com/2024/06/russian-power-companies-it-firms-and.html
- NightSpire Ransomware Group: Tactics, Targets & Threats – Cyble, accessed May 6, 2025, https://cyble.com/threat-actor-profiles/nightspire-ransomware-group/
- Google Threat Intelligence – know who’s targeting you, accessed May 6, 2025, https://cloud.google.com/security/products/threat-intelligence