AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/8/2025

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

In April, a new ransomware group known as BERT was observed targeting organizations across Asia and Europe. Trend™ Research telemetry has confirmed the emergence and activity of this ransomware. This blog entry examines BERT’s tools and tactics across multiple variants. By comparing its different iterations, we unpack how the ransomware group operates, how its methods have evolved, and the tactics it employs to evade detection and defenses. We found initial incidents impacting organizations in the US and parts of Asia. Affected sectors include healthcare, technology, and event services. More recently, we discovered this ransomware emerging in our telemetry, indicating an expansion in its targeting activity. There have already been several victims since it first emerged in April.


Suspected Chinese cybersnoop grounded in Italy after US tipoff

A man who US authorities allege is a member of the Chinese state-sponsored cyberespionage outfit Silk Typhoon was arrested in Milan last week following a tipoff from the US embassy. Zewei Xu, 33, is alleged by American authorities to have been involved in China’s espionage efforts during the COVID-19 pandemic, tasked with spying on vaccine development at the University of Texas. According to Italian news agency Ansa, the US issued an extradition request to Italian authorities, and Xu was arrested upon arriving at Milan’s Malpensa airport on July 3. The agency also said today that court documents indicate Xu is suspected of being part of Hafnium, now tracked as Silk Typhoon, the group previously identified as masterminding a spate of activity targeting US computers and networks.


Hackers abuse leaked Shellter red team tool to deploy infostealers

Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that attackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. The abuse has continued for several months, and although security researchers caught the activity in the wild, Shellter was not notified. The vendor underlined that this is the first known incident of misuse since it introduced its strict licensing model in February 2023.


UK looking to revamp defense laws as undersea cable sabotage and cyber attacks create ‘gray zone threats’

As technology moves forward, the law will always be running behind it, desperate to keep up. The problem is that technology moves fast. Really fast. Especially compared to lawmakers. It is why we see countless uncertain legal cases in tech, especially when it comes to things like the internet and AI. It is also why the UK needs to rethink its laws on sabotage of the undersea cables that connect most of this technology.


Isolated Recovery Environments: A Critical Layer in Modern Cyber Resilience

As adversaries grow faster, stealthier, and more destructive, traditional recovery strategies are increasingly insufficient. Mandiant’s M-Trends 2025 report reinforces this shift, highlighting that ransomware operators now routinely target not just production systems but also backups. This evolution demands that organizations re-evaluate their resilience posture. One approach gaining traction is the implementation of an isolated recovery environment (IRE)—a secure, logically separated environment built to enable reliable recovery even when an organization’s primary network has been compromised.
