X-Industry

ir-25-017-002 (2)

HellCat and Morpheus Ransomware

The previous six months have seen heightened activity regarding new and emerging ransomware operations. Across the tail end of 2024 and into 2025, researchers have seen the rise of groups such as FunkSec, Nitrogen,, and Termite. In addition, we have seen the return of Cl0p and a new version of LockBit (aka LockBit 4.0).

Within this period of accelerated activity, the Ransomware-as-a-Service offerings HellCat and Morpheus have gained additional momentum and notoriety. Operators behind HellCat, in

Linux Rootkit Malware

This is a follow-up analysis of a previous blog about a zero-day exploit. The FortiGuard Incident Response (FGIR) team examined how remote attackers exploited multiple vulnerabilities in an appliance to gain control of a customer’s system. At the end of that blog, analysts revealed that the remote attacker had deployed a rootkit (a loadable kernel module, sysinitd.ko) and a user-space binary file (sysinitd) on the affected system by executing a shell script (Install.sh). Additionally, to establi

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Note: this page contains paid content.