Hackers Lose Rhadamanthys Infostealer Server Access
And now for some good news for a change.
According to reports, law enforcement has disrupted the infrastructure of Rhadamanthys, a malware-as-a-service infostealer that steals credentials and authentication cookies, after hackers revealed they can no longer access their servers.
Henrique Teixeira, SVP of Strategy at Saviynt, commented:
“Back in 2022, I wrote research on identity threat detection and response (ITDR) at Gartner. We noted that Initial Access Brokers (IABs), which offer services similar to Rhadamanthys, were fueling identity breaches through a thriving market of stolen credentials, often harvested by infostealer malware. Fast forward to today, and infostealers have exploded, responsible for roughly three-quarters of stolen credentials worldwide. These tools don’t just grab passwords; they are able to extract tokens and cookies that can bypass MFA.
“The continued proliferation of IABs and ‘Malware-as-a-Service’ sites, while seemingly unbelievable, is a persistent reality. Removing one only creates an opportunity for the next criminal enterprise to fill the gap. Modern enterprise cybersecurity, therefore, must move beyond mere prevention. Organizations must adopt an ‘assume breach’ mindset, prioritizing rapid detection and response to identity-related incidents. This requires robust posture management, comprehensive visibility, and effective remediation processes to address security incidents as if a breach has already happened.”
The only bad thing about this is that some other ransomware gang will take the place of Rhadamanthys, which is why there needs to be a concerted effort to make ransomware less profitable for these gangs.
This entry was posted on November 12, 2025 at 3:51 pm and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.