Victim-1 hit by cyberattack

Incident
H score 7
1 unique source, 1 article

Summary

Victim-1 suffered an unauthorized-access lockout incident that denied domain administrator access and disrupted 254 servers and 3,284 workstations. The intruder used an administrator account to alter passwords and delete admin accounts on the Windows domain controller, expanding control over the environment. The event created broad operational disruption and gave the attacker leverage for an extortion demand.

Related Happenings

Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure

Campaign
First: 20.04.2026 23:02 Last: 20.04.2026 23:02 Sources 1

About this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...

2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates

Target Trend
First: 17.03.2026 23:41 Last: 17.03.2026 23:41 Sources 1

About this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...

SmarterTools hit by ransomware attack

Incident
First: 09.02.2026 14:02 Last: 09.02.2026 14:02 Sources 1

About this happening: **SmarterTools** suffered a **ransomware attack** on **January 29** after attackers used an **unpatched SmarterMail VM** to gain access, disrupting the company’s **office network*...

Latest development: 10.02.2026 12:24

ReliaQuest identified activity likely tied to Warlock on SmarterTools systems that abused CVE-2026-23760 to bypass SmarterMail authentication, stage ransomware payloads on internet-facing systems, and chain the access with the software's built-in Volume Mount feature to gain full system control before installing Velociraptor; CISA also confirmed CVE-2026-24423 was being exploited in ransomware attacks.

Timeline

  1. 03.04.2026 12:04 1 article · 1mo ago

    Victim-1 extortion reconnaissance on hidden virtual machine

    Technical Analysis Update

    On November 22, 2023, Daniel Rhyne used a hidden virtual machine and his account to search for information on clearing Windows logs, changing domain user passwords, and deleting domain accounts while planning the extortion attempt against Victim-1, the industrial company headquartered in Somerset County, New Jersey.

  2. 03.04.2026 12:04 1 article · 1mo ago

    Victim-1 network lockout and ransom demand

    Victim Impact Update

    On November 25, 2023, network administrators at Victim-1 began receiving password reset notifications for a domain administrator account and hundreds of user accounts, and shortly thereafter they found that all other Victim-1 domain administrator accounts had been deleted, denying domain administrator access to the company's computer networks. The same day, a ransom email titled "Your Network Has Been Penetrated" claimed IT administrators had been locked out, said server backups had been deleted, demanded 20 bitcoin, and threatened to shut down 40 random servers daily over the next ten days; the broader task scheduling affected 254 servers and 3,284 workstations.

  3. 03.04.2026 12:04 2 articles · 1mo ago

    Daniel Rhyne pleads guilty to the extortion plot

    Legal Policy Action Update

    On April 3, 2026, Daniel Rhyne pleaded guilty to hacking and extortion charges after admitting that he remotely accessed Victim-1's network without authorization using an administrator account, locked Windows admins out of 254 servers, and used scheduled tasks on the company's Windows domain controller to delete network admin accounts and change passwords.
