Data Dramas: Cyberduck and Notepad.exe Join Forces in Eastern European Cyber Heist!
Talos spotted a surge in data leaks, peaking with 100 victims in June and August 2025. Qilin’s antics include using Cyberduck for sneaky data exfiltration and repurposing innocent notepad.exe and mspaint.exe for mischief. Their persistence includes swapping victim wallpapers with ransom notes—a makeover nobody asked for!
Hot Take:
Looks like the cybercriminals are getting a bit Cyrillic with their scripts! Talos has been busy playing cyber detective, unmasking a villainous cast of characters that include Notepad and Paint in their latest whodunit. Who knew these benign programs had a dark side? It seems the Qilin crew might not just be after your data but also your faith in trusty Notepad.exe. Time to find a new muse for your digital doodles!
Key Points:
- Talos noted a spike in data leak incidents in June and August 2025.
- Suspicious use of Cyrillic scripts hints at Eastern European/Russian origins.
- Qilin uses tools like Cyberduck, Notepad, and MSPaint for mischief and mayhem.
- Credential theft and disabling security features are part of their tactics.
- Manufacturing is the most targeted sector, with 23% of incidents reported.
Already a member? Log in here