Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
Briefly

"Bearlyfy operates as a dual-purpose group aimed at inflicting maximum damage upon Russian businesses; its attacks serve the dual objectives of extortion for financial gain and acts of sabotage."
"Beginning May 2025, Bearlyfy actors also utilized a modified version of PolyVice, a ransomware family attributed to Vice Society, which has a history of delivering third-party lockers."
"Attacks mounted by the group have obtained initial access through the exploitation of external services and vulnerable applications, followed by dropping tools like MeshAgent to facilitate remote access."
Bearlyfy, a pro-Ukrainian hacking group, has executed more than 70 cyber attacks against Russian companies since January 2025. The group employs a custom ransomware strain named GenieLocker for extortion and sabotage. Initially targeting smaller firms, Bearlyfy escalated its demands to €80,000. The group has also used a modified version of the PolyVice ransomware and has connections to PhantomCore, another group with similar objectives. Its attacks exploit vulnerabilities in external services and applications, using tools like MeshAgent for remote access and data manipulation.
Read at The Hacker News