🚨 Handala Exposed: I have the names, connections, and photos of key participants.
Following the recent hack of the FBI Director, I have identified 14 direct participants of the Handala group - including hackers, operators, and a coordinator-curator (in addition to Ali Bermoudeh, Morteza Aftabifar, Yahya Hosseini Panjaki, Mousa Bermoudeh).
I have a full dossier on these participants, including real names, connections, and even photos of several of them.
I am ready to provide these materials in full.
But there is a condition.
@FBI, you are required to publicly issue official charges against the key participants of Conti Ransomware and LockBit, the materials for which I already made publicly available many months ago:
- Kvitko
- Kurashov
- Bondarenko
- Sergey Khitrov
- Kamensky
- Dementyev (LockBit leader)
The materials were complete and fully documented. During this time, there has not been a single public indictment, a single official statement, or any visible procedural action on these cases.
Here is all the evidence:
https://t.co/rZdEmYOaft
https://t.co/jQXeCV3m9Q
https://t.co/PFyow7D81L
https://t.co/l8ePGUKWCp
https://t.co/s3IHkuJoiZ
https://t.co/ZhaxBhhkGR
https://t.co/7IzU3Zw9Jf
https://t.co/Ys6y9nJ6SZ
https://t.co/GzKejmgNhD
https://t.co/bo8Vmp7XIe
https://t.co/tuUx0zg1BQ
https://t.co/ohbyMBt1Qc
https://t.co/reErnQYjdR
https://t.co/fsvD62umqF
https://t.co/u5vVlwH0As
I demand that you fulfill your direct obligations to American taxpayers, who fund the work of the FBI.
A year of inaction despite ready evidence is no longer a question of resources or priorities. It is a question of competence and principled approach to work.
I have been publishing exposes for over a year. I am capable of tracking the most hidden hackers in the world, my materials have repeatedly proven accurate.
Now it is time to show that the justice system is able to respond to verified facts.
I await an official response.
#Conti #LockBit #Handala #FBI
Iranian cyber actors are using Telegram as command-and-control (C2) infrastructure to push malware targeting Iranian dissidents and opposition groups around the world – resulting in data leaks and reputational harm.
Read the #FBI’s new advisory on tactics used by Iranian intelligence and mitigation strategies to reduce the risk of compromise🔗https://t.co/LxO35FeNV2
The Gentlemen is a newly emerged Ransomware-as-a-Service (RaaS) operation consisting of approximately 20 members. Originating from a #Qilin payment dispute, the operator "hastalamuerte" had already developed a locker while still an affiliate. Their primary initial access? A database of ~14,700 compromised FortiGate devices (CVE-2024-55591) and over 900 brute-forced VPN credentials ready for deployment. #Ransomware #DFIR
Pakistani #APT36 targeting National investigation agency (NIA) of India.
Credential harvesting using a fake login page followed by redirection to the legitimate website to avoid suspicion. @IndianCERT@NIA_India
IOC: https://t.co/kWJlaxgrDj.drdosurvey(.)info/custom-login.html
Website copied using HTTrack on 29th December 2025 14:41:51 interestingly in GMT timezone (UK)
legitimate website: https://t.co/W6TOuTNecn
#Phishing, #Credentials#APT36
In a chilling new twist with more sophisticated campaign, cybercriminals are once again targeting YouTube creators—this time with an insidiously clever technique dubbed Clickflix. Disguised as legitimate brand deals, attackers lure content creators into executing malicious
PowerShell script that silently steal browser credentials, crypto wallet data, and more. This fast-evolving campaign, exposing how the attackers weaponize fake Microsoft portals, manipulate clipboard actions, and maintain stealthy persistence. If you’re a creator, security
CloudSEK's Mayank Sahariya looks into an ongoing malware campaign distributing the Lumma Stealer infostealer. The campaign's primary infection vector involves using malicious LNK (shortcut) files that are crafted to appear as legitimate PDF documents. https://t.co/hReOslGAQT
Like I keep warning: YouTubers are under attack.
Check out this article in @PCMag
by @kateirwin
https://t.co/CFLHwi9l2n
The article sites analysis that @SahariyaMayank sent me too.
By me @Forbes: Great analysis from @SahariyaMayank @cloudsek on credential-stealing threat targeting #YouTube creators.
#infosec
https://t.co/wiHcuf0VgY
@Liron_Segev Hey @Liron_Segev , I have prepared a report on a specific campaign that impersonates well-known brand collaborations. This campaign deploys malware via email attachments, designed to harvest browser credentials, cookies, and crypto wallet information. https://t.co/nYrzJn580P
New #WaveStealer spotted in the wild, possibly a variant of bby stealer.
Sold by a French-speaking threat actor "sudry" (aka svvdry) on Telegram/Discord for a few dollars.
C2:
wavebysudryez.]fr
wave-assistant.]com
Files created:
\Temp\wavestealer\
https://t.co/NqCZle5h5U
⬇️
Exploit, a prominent forum in the dark web realm, serves as a key hub for cybercriminals. It's a place where they gather to exchange knowledge and techniques, ranging from hacking strategies to the development and sharing of exploits.
Our analyst @SahariyaMayank did a deep dive into the forum's activities.
Read the full blog : https://t.co/u9zaYzxQ2D