Over 16,000 compromised servers uncovered using Secure Shell key probing method

An international research team from the Max Planck Institute (MPI) for Informatics in Saarbrücken, Germany, and the Delft University of Technology in the Netherlands has developed a method to detect compromised hosts at an internet scale by probing servers with public SSH keys previously observed in attacker operations.

This way, the team was able to identify more than 16,000 compromised hosts. Their findings have now been published at the USENIX Security Symposium 2025, where they were awarded a Distinguished Paper Award and the Internet Defense Prize.

Secure Shell (SSH) is one of the most common tools used to manage systems remotely. It provides a secure, encrypted channel between a client and a server, allowing users to log in, execute commands, and transfer files safely. SSH is widely used by system administrators and developers for maintaining and configuring remote systems.

Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments.

“Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, cloud-based ransomware introduces a fundamental shift,” the Microsoft Threat Intelligence team said in a report shared with The Hacker News.

“Leveraging cloud-native capabilities, Storm-0501 rapidly exfiltrates large volumes of data, destroys data and backups within the victim environment, and demands ransom — all without relying on traditional malware deployment.”

Storm-0501 hackers shift to ransomware attacks in the cloud

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.

The hackers now abuse native cloud features to exfiltrate data, wipe backups, and destroy storage accounts, thereby applying pressure and extorting victims without deploying traditional ransomware encryption tools.

Storm-0501 is a threat actor who has been active since at least 2021, deploying the Sabbath ransomware in attacks against organizations worldwide. Over time, the threat actor joined various ransomware-as-a-service (RaaS) platforms, where they used encryptors from Hive, BlackCat (ALPHV), Hunters International, LockBit, and, more recently, Embargo ransomware.

Experimental PromptLock ransomware uses AI to encrypt, steal data

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.

The malware uses OpenAI’s gpt-oss:20b model through the Ollama API to dynamically generate the malicious Lua scripts from hard-coded prompts.

Researchers Demonstrate QuantumShield-BC Blockchain Framework

Researchers have developed QuantumShield-BC, a blockchain framework designed to resist attacks from quantum computers by integrating post-quantum cryptography (PQC) utilising algorithms such as Dilithium and SPHINCS+, quantum key distribution (QKD), and quantum Byzantine fault tolerance (Q-BFT) leveraging quantum random number generation (QRNG) for unbiased leader selection. The framework was tested on a controlled testbed with up to 100 nodes, demonstrating resistance to simulated quantum attacks and achieving fairness through QRNG-based consensus. An ablation study confirmed the contribution of each quantum component to overall security, although the QKD implementation was simulated and scalability to larger networks requires further investigation.

Microchip Provides Made-to-Order Photons

A 10-µm-wide microchip can generate light with any desired direction, polarization, and intensity, which will be handy for future quantum technologies.

Emerging technologies for quantum computing and cryptography require small components capable of emitting photons whose properties are precisely controlled. Researchers have been developing such components, and now a team has demonstrated a technique that provides control of direction, polarization, and intensity simultaneously [1]. Like previous experiments, the technique uses microscopic structures on a semiconductor surface to convert wave-like surface excitations to light waves. But the new demonstration uses shapes for these structures that allow more precise control over the outgoing light. The team expects the new technique to find wide use in efforts to build quantum technologies in miniature solid-state devices.

Solid-state miniaturization is one of the few realistic routes toward making quantum technologies practical, scalable, and easily manufacturable, says Fei Ding of the University of Southern Denmark. But there are not many good compact photon sources. “The technology really requires a compact and flexible solid-state photon source that gives us full control over how light is emitted—its direction, polarization, and spatial profile,” Ding says. “This is crucial for building scalable quantum and nanophotonic technologies, where single photons are used as the fundamental carriers of information.”
