The strange tale of ischhfd83: When cybercriminals eat their own

June 13, 2025

June Patch Tuesday digs into 67 bugs

An extremely Windows-heavy month, with a surprise cameo by... Sophos?!

Threat Research

May 20, 2025

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Security OperationsThreat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 5)

In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 4)

In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 3)

In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 2)

In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 1)

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

Threat Research

May 14, 2025

Microsoft primes 71 fixes for May Patch Tuesday

Five issues actively exploited in the wild, but the real excitement may have been handled in advance

Threat Research

May 09, 2025

Lumma Stealer, coming and going

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

Security OperationsThreat Research