A Data Leak Site (DLS) has appeared that belongs to a new extortion group named Morpheus, which stole data from Arrotex Pharmaceuticals (Australia) on December 12th and PUS GmbH (Germany) on December 20th.
Morpheus offers stolen data for sale on the DLS, requiring buyers to create accounts. While a researcher suggests a link to Hellcat ransomware, there is no definitive proof of ransomware deployment or of any connection between the groups.


Extortion groups use Data Leak Sites (DLS) to escalate pressure on victims. Initial threats involve public shaming: publishing the victim’s name and attack details on the group’s website.
If this fails, the group escalates by releasing proof of data theft, such as screenshots of internal files, sensitive documents, and personally identifiable information.
A countdown timer is often introduced, implying that all stolen data will be released to the public or on the DLS, either for free or for a fee, when it expires.
Cyjax observes a concerning increase in the emergence of new DLSs recently, highlighting the growing importance of this threat vector.
The Morpheus Dark Web Leak Site (DLS) presents a three-tiered access structure. Unregistered users can view the landing page, which showcases a list of compromised organizations and includes victim descriptions, stolen data samples, and contact instructions for data purchases.
Unauthenticated users can also access the registration and login pages; account creation requires a username, a password, and CAPTCHA completion.


The DLS offers a user-friendly night-mode toggle for improved visibility. Upon authentication, users gain access to two restricted sections: “Protected” and “Chat.”
The “Protected” area allows users to submit requests for access to sensitive data, potentially including additional samples beyond those publicly displayed on the “Feed” page.
The “Chat” function appears to offer a direct communication channel with the group’s administrators, likely intended to facilitate negotiations regarding payment for the advertised data.
Morpheus claimed to have exfiltrated 2.5TB of sensitive data from Arrotex Pharmaceuticals, a subsidiary of DBH International Enterprises. The claim followed a previously disclosed cybersecurity incident in which a malicious actor gained unauthorized access to a DBG storage server on August 25, 2024.


Morpheus published evidence including PII, file trees, and compliance documents, suggesting successful data theft. The stolen material includes confidential documents, recruitment data, partner information, financial data, and business plans, which could be used for extortion, competitive advantage, or other malicious purposes.
On December 20, 2024, the ransomware group Morpheus publicly claimed to have compromised PUS GmbH, a Germany-based electronics manufacturer with an estimated $5 million in revenue.
Morpheus is alleged to have exfiltrated sensitive data, including employee PII, customer databases, and server configuration files. The group released sample data, including invoices and HTTP server configuration data, to support its claim.