Cybersecurity experts have identified a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has launched attacks in Australia, Brazil, Europe, and the U.S. since June 2025. Promoted by the actor known as ‘$$$,’ it’s linked to earlier operations like BlackLock and Mamona. GLOBAL GROUP aims to modernize tactics by leveraging initial access brokers (IABs) to exploit vulnerabilities in Cisco, Fortinet, and Palo Alto Networks devices, using brute-force tools on Microsoft Outlook and RDP portals to infiltrate networks, particularly in sectors such as healthcare and BPO. The platform offers an 85% revenue-sharing model for affiliates and utilizes AI-driven chatbots for ransom negotiations, enhancing engagement with victims. While ransomware incidents rose in early 2025, a dip in total victims was noted in June, highlighting fluctuating cyber threat landscapes. To keep updated on cybersecurity trends, follow us on Twitter and LinkedIn.
Source link
Share
Read more