Customer hit by ransomware attack
Incident
Summary
Hide ▲
Show ▼
A customer environment was intruded by RansomHub affiliates, and the compromise was contained before it became ransomware, preventing business interruption. The attackers progressed from initial access to persistence, privilege escalation, and mass data exfiltration. The incident was stopped within 48 hours, and the customer reported zero business downtime. That matters because the intrusion was already active enough to reach Domain Admin access and steal data.
Related Happenings
StealC and Amadey infostealer infrastructure disruption
Malware Activity
H score69
First: 24.06.2026 18:25
Last: 24.06.2026 18:25
Sources 1
About this happening:
**StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
StealC and Amadey infostealer infrastructure disruption
Malware ActivityAbout this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Tchap hit by cyberattack
Incident
H score48
First: 09.06.2026 13:53
Last: 09.06.2026 13:53
Sources 1
About this happening:
A **compromised user account** enabled an unauthorized **breach of Tchap**, putting the French government's encrypted messaging platform at risk of **exposing conversations and pe...
Tchap hit by cyberattack
IncidentAbout this happening: A **compromised user account** enabled an unauthorized **breach of Tchap**, putting the French government's encrypted messaging platform at risk of **exposing conversations and pe...
Latest development: 12.06.2026 10:09
DINUM said a compromised user account accessed Tchap public chat rooms, exposing data shared by about 73,467 French public-sector agents, including names, email addresses, belonging entity and avatar images, while encrypted private conversations remained protected.
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal Action
H score24
First: 19.05.2026 18:00
Last: 19.05.2026 18:00
Sources 1
About this happening:
Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal ActionAbout this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Timeline
-
11.11.2025 17:01 2 articles · 8mo ago
Customer hit by ransomware attack
Initial DisclosureA user launched a **malicious JavaScript payload** posing as a browser update, triggering immediate reconnaissance, credential hunting, and persistence activity inside the environment.
Show sources
- How a CPU spike led to uncovering a RansomHub ransomware attack — www.bleepingcomputer.com — 11.11.2025 17:01
- How a CPU spike led to uncovering a RansomHub ransomware attack — www.bleepingcomputer.com — 11.11.2025 17:01