KELA explores a possible link between the Belsen Group and ZeroSevenGroup, two cybercriminal entities with ties to Yemen. The Belsen Group surfaced in January 2025, leaking Fortinet data and selling network access, while ZeroSevenGroup had been active earlier, breaching companies and monetizing stolen data. Notably, both groups share similarities in writing style and post formatting. […] The post Could The Belsen Group Be Associated With ZeroSevenGroup? appeared first on KELA Cyber Threat I...| KELA Cyber Threat Intelligence
Discover the latest findings on Black Basta leak's victim details and their ransomware strategies based on KELA's analysis.| kelacyber
Pavel Durov, the founder and CEO of Telegram, was arrested in Paris on August 25, 2024 on charges related to his platform allegedly being used for illegal activities. Three days later, he was indicted and released on bail, with six charges related to illicit activity on Telegram.| kelacyber
A major leak has exposed the inner workings of Black Basta, one of the most active ransomware groups, offering a rare glimpse into how these cybercriminals infiltrate and exploit their victims. KELA conducted an in-depth analysis of the leaked data, uncovering key tactics and operational details used by the group. KELA’s latest report breaks down […] The post Inside the Black Basta Leak: How Ransomware Operators Gain Access appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
2024 was a defining year for cybercrime. Infostealers fueled credential leaks at an unprecedented scale, ransomware gangs shifted their tactics, and AI-powered threats emerged as a new battleground. As cybercriminals evolved, so did their methods—blurring the lines between financially motivated attacks, hacktivist operations, and state-sponsored campaigns. KELA’s newly released report, The State of Cybercrime 2024, […] The post The State of Cybercrime 2024: Key Threats & What’s Coming...| KELA Cyber Threat Intelligence
Recently, a new ransomware group, dubbed Anubis, emerged. KELA has observed representatives of Anubis on both RAMP (using the moniker ‘superSonic’) and XSS (using the moniker ‘Anubis__media’). Read more in our blog.| KELA Cyber Threat Intelligence
Discover how Telegram's 'clouds of logs' are reshaping cybercrime, offering easy access to compromised credentials for ransomware and phishing attacks.| kelacyber
KELA investigated claims of 20 million compromised OpenAI credentials, uncovering that they stem from infostealer malware and data leaks—not an OpenAI breach. Learn the truth behind the claim and how to protect against credential theft.| KELA Cyber Threat Intelligence
Discover how automating Cyber Threat Intelligence (CTI) into SIEM and SOAR can strengthen your SOC without adding headcount. Learn the key benefits, from faster threat detection to cost savings, and how KELA’s integrations enhance security operations.| KELA Cyber Threat Intelligence
[…] The post Alibaba’s Qwen 2.5-VL Model is Also Vulnerable to Prompt Attacks appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
Background: In January 2025, a new alleged ransomware group named GDLockerSec emerged, sharing details of a few victims on their website. Interestingly, the group made the bold claim of targeting a high-value entity, Amazon’s AWS. KELA has investigated this assertion. Who is GDLockerSec? Emerging in January 2025, the group appears to operate as a ransomware […] The post Is GDLockerSec Really Targeting AWS? appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
Analysis of Related Threat Actors: DarkRaaS and CornDB. In October and November 2024, two notable threat actors, DarkRaaS and CornDB, emerged on BreachForums, displaying striking similarities in their operations, targets, and methodologies. This analysis examines the activities of...| kelacyber
Discover the security flaws in DeepSeek R1, a Chinese AI model with advanced reasoning capabilities. KELA's analysis reveals vulnerabilities, outdated safeguards, and privacy risks, emphasizing the need for robust testing in generative AI applications.| KELA Cyber Threat Intelligence