GlobeImposter Ransomware With MedusaLocker Spreading Via RDP
A GlobeImposter ransomware campaign was discovered being carried out by the attackers behind MedusaLocker.
The threat actors are suspected to have brute-forced systems with RDP enabled to gain initial access.
Various tools were used to dump passwords and perform reconnaissance including Mimikatz Advanced Port Scanner and the NirSoft Network Password Recovery tool.
In addition to encrypting files the threat actor installed XMRig to mine for digital assets.
Featured Resources
EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
EXECUTIVE SUMMARY The Cymulate Research Labs is committed to advancing cybersecurity by scrutinizing emerging technologies and exposing hidden risks. Our
Healthcare - Industry Brief
Healthcare Industry Under Attack Security leaders in the healthcare industry face significant challenges as threat actors target valuable data and
AI Threat Detection: Supercharging Cyber Defenses with Intelligence & Scale
Security teams face an onslaught of ever-evolving threats, bloated alert queues and sprawling attack surfaces. Manual detection and periodic pen