Medusa ransomware gang BBC insider-recruitment and MFA-bombing campaign
Campaign
Summary
Hide ▲
Show ▼
The Medusa ransomware gang ran a targeted insider-recruitment operation against the BBC, offering money to help obtain access and later using MFA bombing when the target resisted. The effort mattered because it sought initial access to a major public-service broadcaster for a future extortion play.
Related Happenings
Signal phishing campaign targeting senior figures in Germany and Europe
Campaign
First: 06.02.2026 22:00
Last: 06.02.2026 22:00
Sources 1
About this happening:
A **Signal phishing campaign** is targeting **senior figures in Germany and across Europe**, seeking access to **one-to-one and group chats** plus **contact lists**. The operation...
Signal phishing campaign targeting senior figures in Germany and Europe
CampaignAbout this happening: A **Signal phishing campaign** is targeting **senior figures in Germany and across Europe**, seeking access to **one-to-one and group chats** plus **contact lists**. The operation...
Timeline
-
29.09.2025 20:31 2 articles · 8mo ago
Medusa-linked Signal outreach targets BBC correspondent Joe Tidy
Initial DisclosureThreat actors claiming to represent the Medusa ransomware gang tried to recruit BBC correspondent Joe Tidy over Signal, offering him a share of any paid ransom if he provided access to BBC systems and later pushing for a script to be executed; when he stalled, his phone was flooded with two-factor authentication requests consistent with MFA bombing, and he contacted BBC information security before being disconnected from the organization's infrastructure.
Show sources
- Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31
- Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31