DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape
Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape.

The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. The coalition may restore LockBit's reputation post-takedown and lead to more frequent ransomware attacks, including on critical infrastructure, echoing past collaborations like the 2020 Maze-LockBit partnership that popularized double extortion tactics.

"This quarter, the newly returned LockBit formed a coalition with prominent RaaS groups DragonForce and Qilin, a partnership poised to drive more frequent and effective ransomware attacks," reads the report published by ReliaQuest. "This alliance could help restore LockBit's reputation among affiliates following last year's takedown, potentially triggering a surge in attacks on critical infrastructure and expanding the threat to sectors previously considered low risk."

In Q3 2025, Qilin hit a record number of victims, fueled by organized, businesslike operations and dark web recruiting. The group partners with IABs for VPN access, enabling fast, stealthy attacks. Akira, Inc Ransom, and Play also remain major threats, exploiting unpatched software to breach networks quickly.

Experts recently spotted LockBit 5.0, a new version targeting Windows, Linux, and ESXi systems. It was first advertised on September 3, 2025, marking the gang's sixth anniversary.

The researchers also reported that the active data-leak sites hit a record 81 in Q3 2025, reflecting the rise of smaller ransomware groups after major players like LockBit and RansomHub declined. The surge shows growing fragmentation in the ransomware ecosystem, with new groups likely to target SMBs that have weaker defenses, despite lower potential profits.

"By Q3 2025, newly emerged groups like Beast, The Gentlemen, and Cephalus fueled a 31% surge in attacks on organizations in the health care sector, surpassing established names like Qilin and Inc Ransom and showcasing that smaller groups collectively can be just as destructive as their prominent counterparts," continues the report. "This sharp increase follows the brief relief in Q2 2025, when health care listings dropped due to the absence of the previously dominant group, RansomHub."

In Q3, ransomware groups continued targeting professional, scientific, and technical services, manufacturing, and construction. PSTS attacks rose 17%, while manufacturing and construction declined by 5% and 19%, showing ransomware actors shifting opportunistic focus.

Pierluigi Paganini

(SecurityAffairs, hacking, ransomware)
Copyright securityaffairs 2024