Mastodon

1 post1 participant0 posts today

The New Oil<a href="https://mastodon.thenewoil.org/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> <a href="https://mastodon.thenewoil.org/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> gang pushes fake <a href="https://mastodon.thenewoil.org/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> tools in <a href="https://mastodon.thenewoil.org/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ClickFix</a> attacks<a href="https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-pushes-fake-it-tools-in-clickfix-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-pushes-fake-it-tools-in-clickfix-attacks/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

crep1xCheck out our new blog post by the TDR team, presenting the latest TTPs used by the <a href="https://infosec.exchange/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> ransomware group!It includes their use of the ClickFix tactic, PyInstaller, Node.js, Cloudflare Tunnels, and new PowerShell loader/backdoor ⬇️<a href="https://infosec.exchange/@sekoia_io/114346873677895469" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@sekoia_io/114346873677895469</a>By the way, Microsoft Threat Intelligence published an analysis yesterday on the same infection chain leveraging new PowerShell loader/backdoor (without associating it with Interlock?)<a href="https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/</a>As usual, we share multiple IoCs and YARA rules in our blog post and on our community GitHub: <a href="https://github.com/SEKOIA-IO/Community/tree/main/IOCs/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/SEKOIA-IO/Community/tree/main/IOCs/Interlock</a>

Sekoia.ioSince the apparition of the <a href="https://infosec.exchange/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> ransomware, the Sekoia <a href="https://infosec.exchange/tags/TDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TDR</a> team observed its operators evolving, improving their toolset (<a href="https://infosec.exchange/tags/LummaStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LummaStealer</a> and <a href="https://infosec.exchange/tags/BerserkStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BerserkStealer</a>), and leveraging new techniques such as <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ClickFix</a> to deploy the ransomware payload. <a href="https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Doman Building Materials Group More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Andretti Indoor Karting & Games More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Drive Products More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Doman More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Cherokee County School District More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

Pyrzout :vm:Ransomware Group Takes Credit for National Presto Industries Attack – Source: www.securityweek.com <a href="https://ciso2ciso.com/ransomware-group-takes-credit-for-national-presto-industries-attack-source-www-securityweek-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/ransomware-group-takes-credit-for-national-presto-industries-attack-source-www-securityweek-com/</a> <a href="https://social.skynetcloud.site/tags/NationalPrestoIndustries" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NationalPrestoIndustries</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityweekcom</a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityweek</a> <a href="https://social.skynetcloud.site/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://social.skynetcloud.site/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://social.skynetcloud.site/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a>

Pyrzout :vm:Ransomware Group Takes Credit for National Presto Industries Attack <a href="https://www.securityweek.com/ransomware-group-takes-credit-for-national-presto-industries-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.securityweek.com/ransomware-group-takes-credit-for-national-presto-industries-attack/</a> <a href="https://social.skynetcloud.site/tags/NationalPrestoIndustries" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NationalPrestoIndustries</a> <a href="https://social.skynetcloud.site/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://social.skynetcloud.site/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://social.skynetcloud.site/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://social.skynetcloud.site/tags/InterLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InterLock</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : National Defense Corp More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Pma More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : General Formulations More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Aztec Municipal School District More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Milano More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Hancock Public School More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : Wayne County, Michigan More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : The Smeg Group More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

RansomLookNew post from <a href="https://social.circl.lu/tags/Interlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interlock</a> : The Siegel Group, Inc. More at : <a href="https://www.ransomlook.io/group/Interlock" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ransomlook.io/group/Interlock</a> <a href="https://social.circl.lu/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a>

Recent searches

Search options

Administered by:

Server stats:

#interlock