Warning About NightSpire Ransomware Following Cases of Damage in South Korea

Published 01/09/2025 09:53 · Modified 01/09/2025 10:34

Essential information

Tags
2025-08-29 2025-09-01 aes cyber-extortion dedicated leak site double-extortion encryption nightspire ransomware rsa south korea
Related entities
2 observables, 1 intrusion sets (apt), 8 techniques (mitre), 1 malware, 15 others

Description

NightSpire, a group active since February 2025, employs an aggressive strategy and specialized infrastructure similar to Ransomware-as-a-Service models. They operate a dedicated leak site, posting victim information and countdown timers for data release. Using highly threatening language, NightSpire offers various communication channels for negotiations. The group targets corporations across multiple countries and industries, employing a double-extortion strategy of encrypting and leaking data. NightSpire uses block encryption for specific file types and full encryption for others, adding the .nspire extension to encrypted files. The ransomware inserts the symmetric key at the end of encrypted files, further secured by RSA public key encryption.

External references