
Malware

From Initial Access to Ransomware Attack: An Analysis of Timelines from IAB Listings on Cybercriminal Forums to Extortion Attacks

Cyjax monitors and analyses the initial access broker (IAB) market on the most prominent cybercriminal forums. As noted in Cyjax’s 2024 IAB market in review, it is almost certain that extortion groups, APTs, data brokers, and other threat groups use IABs to gain initial access to targeted networks. Though it is not immediately obvious how important the IAB market is to the threat landscape, Cyjax has conducted a deep analysis of public IAB listings and extortion group DLSs.

The BlackBasta Ransomware Leaks: What You Need to Know

On 11 February 2025, a Telegram user called ExploitWhispers shared a ZIP file to a Russian-language Telegram channel. The user claimed that this file contained the internal Matrix chat logs of the BlackBasta ransomware group and was captured between 18 September 2023 and 28 September 2024. The user also shared information about some of the BlackBasta members, including one of the operation’s admins, the group’s administrator, and leader Oleg Nefedov.

The Hidden Cost of Hospital Cyber Attacks: What Happens to Patients?

What happens to patients when their local hospital has a ransomware attack? How do you even find that? You collect data on every cyberattack on a healthcare provider. Next, you look at data from Medicare and then overlay those two data sets. Simple. Listen to the latest episode of the Data Security Decoded podcast, where Steve Stone is joined by Hannah Neprash, PhD, Assistant Professor at the University of Minnesota School of Public Health.

WatchGuard Labs Detects 300% Surge in Endpoint Malware in Q3 2024

While malware growth is something we have been experiencing over the past few years, the increase observed by WatchGuard's threat lab team in Q3 2024 was the highest to date. Q3 saw astronomical growth in total endpoint malware threats, reaching 300.48% with 420,304 threats. The previous high was recorded in Q1 2024, when there was an 81.77% rise, almost double the previous quarter. However, Q3 almost quadrupled the figure for Q2 2024 when 104,951 threats were detected.

Scattered Spider: Weaving an ever expanding web of cybercrimes

Imagine you are the owner of a bustling casino casually observing the vibrant scene: the clatter of slot machines, wagers being placed, the cheerful chatter of gamblers, and waiters serving cocktails. Everything appears normal until, without warning, the machines fall silent. However, it doesn’t stop there. Elevators grind to a halt, parking gates freeze shut, and guests find themselves locked out of their rooms as digital door keys fail to function.

Is that Ra? Nope, it is RaaS - DLS emerges for New Extortion Group Anubis

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of late February 2025, Cyjax has identified DLSs for six new groups in 2025, as noted in recent blogs on extortion groups Kraken, Morpheus, GD LockerSec, Babuk2, and Linkc. The latest DLS which Cyjax has identified is named Anubis. This Ransomware-as-a-Service (RaaS) group appears to be sophisticated and professional, providing services including affiliates, data ransoms, and access monetisation.

Faster Remediation with Data-Centric Security Insights

In this episode of Into the Breach, James Purvis and Mike Schmidt discuss how adopting a data-centric security approach can lead to faster remediation and better alert prioritization. With SOC teams overwhelmed by millions of alerts, they explore how DSPM (Data Security Posture Management) provides visibility, reduces noise, and focuses on protecting sensitive data. Learn how DSPM can help streamline security operations and safeguard your business-critical assets.

Malware as a Service (MaaS): The New Frontier of Cybercrime

Cybercrime has rapidly evolved, and one of the most dangerous models that has emerged in recent years is malware as a service (MaaS). This criminal business model allows anyone without advanced programming knowledge to deploy highly effective malware campaigns by paying a subscription or a one-time fee. MaaS democratizes access to malicious tools and amplifies both the quantity and sophistication of cyberattacks.