Key Cyber Threat Trends in 2025

Publication date: 11.12.2025 18:18:00
Experts at Beazley Security Labs identified a troubling trend of increasingly aggressive cyberattacks by hacker groups, most evident in the third quarter of 2025.

Major campaigns focused on exploiting corporate technologies (email, corporate clouds, and messengers), as well as vulnerabilities in VPNs and search engines. This allowed hackers to penetrate networks directly—through technical flaws and fake tools—without relying on traditional social engineering.

The most active criminal groups were Akira, Qilin, and INC Ransomware, responsible for 65% of all global attacks. Additionally, SEO poisoning and the distribution of fake productivity and administration tools intensified.

In SEO poisoning, attackers push counterfeit versions of popular PDF editors or quick‑design apps to the top of search results.

From August to September, the number of attacks surged: nearly half of all incidents occurred during these two months.

One of the most notable campaigns was Akira’s attack on SonicWall devices. The breach of the MySonicWall cloud service led to leaks of client device configurations, including encrypted credentials.

Security researchers believe Akira ransomware operators used large‑scale automated credential‑stuffing attacks to gain initial access to poorly protected SonicWall devices.

The rise in attacks tracked by Beazley indicates that attackers exploit system vulnerabilities faster than vendors and administrators can patch them (zero‑day vulnerabilities). This trend underscores the need for continuous emergency vulnerability management.

After the EU law enforcement operation “ENDGAME,” aimed at dismantling cybercriminal infrastructure, the market for information‑stealing tools shifted: Lumma and RedLine lost ground after their equipment was seized, while the more sophisticated Rhadamanthys gained popularity thanks to fake corporate features.

The surge in attacks via SEO poisoning and malicious ads showed that hackers are actively deploying new tools. Experts advise strengthening remote access protection, monitoring web traffic, and applying multi‑factor authentication.