Stay ahead of cyber threats with our latest updates.

In this week’s roundup, we explore how ZeroLock mitigates the advanced BRICKSTORM threat across virtualized environments to protect critical infrastructure, unpack how researchers captured the Lazarus APT’s remote-worker infiltration scheme live on camera to reveal evolving nation-state tradecraft, analyze the major cyberattack on Iberia Airlines that led to significant passenger data theft and heightened tourism security concerns across Europe, expose how Operation DupeHike uses weaponized documents to deploy the DUPERUNNER malware against employees, and take a deep dive into DragonForce ransomware and its expanding operational ties to Scattered Spider. Read on!


How ZeroLock Mitigates BRICKSTORM: Securing VMware Against Advanced Threats

ZeroLock® is positioned as a comprehensive, real-time defense against advanced threats like BRICKSTORM by combining behavioral monitoring, virtual patching, automated remediation, and strict access controls to stop zero-day exploitation and persistent backdoors at the infrastructure layer, enabling organizations to maintain operational continuity, protect mission-critical workloads, and rapidly contain attacks before they escalate into business-wide disruption.


Joseph Comps, Threat Intelligence Analyst:

"DragonForce’s move to rebrand as a ransomware “cartel” rather than a “gang” appears designed to broaden its appeal by lowering barriers to entry for aspiring hackers. Its recent collaboration with groups such as Scattered Spider in the Marks & Spencer attack likely encouraged this push to attract younger, motivated operators."

On Deep Dive into DragonForce Ransomware and its Scattered Spider Connection

Austin Gadient, CTO & Cofounder:

"BRICKSTORM shows how threat actors are targeting VMware environments for more than just ransomware. Sophisticated groups are using ESXi as a beachhead to lead espionage campaigns and steal data from enterprise networks covertly. The need for runtime security on hypervisors has never been greater!"

On How ZeroLock Mitigates BRICKSTORM: Securing VMware Against Advanced Threats


Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

Researchers have, for the first time, captured live footage of an infiltration scheme by the North Korea-linked Lazarus Group (Famous Chollima division), revealing how the attackers use a global network of remote-worker fronts, stolen identities, fabricated résumés, and remote-access tooling to quietly embed themselves inside Western organizations under the guise of legitimate employment — a tactic that exposes major gaps in workforce vetting and remote-access governance, and underscores the urgent need for stronger identity verification, continuous behavioral monitoring, and more rigorous controls across distributed enterprise environments.


Iberia Airlines in Spain Hit by Major Cyberattack as Passenger Data Theft Sparks Tourism Security Concerns Across Europe

A major cyberattack on Iberia Airlines exposed hundreds of gigabytes of passenger data — including names, emails, loyalty-program IDs, and detailed travel itineraries — with hackers demanding a $6 million ransom, a breach that has intensified tourism-sector security concerns across Europe and underscored how deeply airlines rely on vulnerable third-party and operational systems, prompting renewed scrutiny of data-handling practices, incident-response readiness, regulatory gaps, and supply-chain risk across the aviation ecosystem as officials warn that similar attacks could disrupt travel operations more broadly.


Operation DupeHike Attacking Employees Using Weaponized Documents DUPERUNNER Malware

Threat actors behind a campaign known as Operation DupeHike are targeting corporate employees — especially in HR, payroll, and administrative roles — by sending convincing bonus-themed documents that deploy malware like DUPERUNNER and AdaptixC2, giving attackers remote access, data exfiltration capability, and persistent footholds through malicious shortcut files disguised as internal PDFs, a tactic that shows how modern social engineering blends familiarity with technical stealth and underscores the need for stronger identity verification, email hygiene, endpoint controls, and continuous behavioral monitoring.


Deep Dive into DragonForce Ransomware and its Scattered Spider Connection

A new analysis shows that DragonForce has rapidly escalated its ransomware-as-a-service capabilities by forming a strategic partnership with Scattered Spider, blending the group’s highly effective social-engineering and identity-based intrusion methods with DragonForce’s fast encryption tooling and advanced extortion tactics, creating a coordinated threat operation capable of penetrating enterprises across multiple sectors with alarming speed, precision, and impact, and signaling a shift toward more organized, cross-group cybercrime ecosystems that demand stronger identity security, incident readiness, and deep infrastructure-level defenses.


Thanks for reading! Feel free to share this email with your network, and for more hypervisor and Linux cybersecurity updates, visit valicyber.com.

 


Vali Cyber, Inc., 529 Rookwood Place, Charlottesville, VA 22903, USA
