Matt Kapko
@mattkapko.com
Reporter @cyberscoop.bsky.social covering cybercrime and software defects • Grateful lifelong Californian • matt.49 on Signal • matt.kapko@cyberscoop.com • mattkapko.com
Reposted by Matt Kapko
An incredibly sad loss for Computerworld, the larger tech journalism community, and for me personally....
In Memoriam: Lucas Mearian, 1962-2025
Computerworld Senior Reporter Lucas Mearian passed away suddenly last week. Here’s a look at his professional career and his life.
www.computerworld.com
October 29, 2025 at 5:15 PM
Reposted by Matt Kapko
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment. via @mattkapko.com cyberscoop.com/extortion-em...
Here is the email Clop attackers sent to Oracle customers
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.
cyberscoop.com
October 2, 2025 at 7:47 PM
Reposted by Matt Kapko
CYBERSCOOP AFTER DARK: Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite. Early signs point to it being legit cyberscoop.com/clop-claims-...
Oracle customers being bombarded with emails claiming widespread data theft
Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.
cyberscoop.com
October 2, 2025 at 2:39 AM
The DOJ recently announced it seized $2.8M from an alleged ransomware operator living in California back in early 2024. The Russian national was arrested and charged a year ago, but released on bail the same day. He's still out, despite multiple run-ins with police. cyberscoop.com/ianis-antrop...
Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial
Ianis Aleksandrovich Antropenko allegedly committed ransomware attacks from 2018 to 2022. He’s been out on bond since his arrest almost a year ago, despite multiple run-ins with police.
cyberscoop.com
September 2, 2025 at 3:47 PM
Likewise, and your story on this is fantastic.
August 27, 2025 at 6:44 PM
21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T. tip @techmeme.com cyberscoop.com/cameron-wage...
Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others
Cameron Wagenius faces a maximum of 27 years in prison. A researcher that helped with the investigation called this ‘one of the most significant wins in the fight against cybercrime.’
cyberscoop.com
July 15, 2025 at 10:52 PM
Reposted by Matt Kapko
Scattered Spider weaves web of social-engineered destruction. The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year. via @mattkapko.com cyberscoop.com/scattered-sp...
Scattered Spider weaves web of social-engineered destruction
The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.
cyberscoop.com
July 7, 2025 at 7:17 PM
Reposted by Matt Kapko
NEW: The head of the FBI's cyber div told @timstarks.bsky.social that Salt Typhoon is “largely contained” and “dormant” in the networks, “locked into the location they’re in” and “not actively infiltrating information” in an exclusive intv with @cyberscoop.bsky.social cyberscoop.com/top-fbi-cybe...
Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks
Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future.
cyberscoop.com
July 2, 2025 at 5:28 PM
Reposted by Matt Kapko
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report cyberscoop.com/hacker-helpe...
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.
cyberscoop.com
June 28, 2025 at 7:09 PM
Supposed experts and mainstream media have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. There’s just one inconvenient detail: evidence to support its sensational claim is lacking. cyberscoop.com/colossal-dat...
The ‘16 billion password breach’ story is a farce
Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.
cyberscoop.com
June 24, 2025 at 3:45 PM
Reposted by Matt Kapko
Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe. A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope. via @mattkapko.com cyberscoop.com/cybercrime-c...
Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe
A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope.
cyberscoop.com
June 16, 2025 at 3:21 PM
The Com’s chaotic, sprawling network, composed of mostly teenagers and young adults, are committing their crimes primarily for notoriety amongst their peers on the internet, @nixonnixoff.bsky.social said during a presentation @sleuthcon.bsky.social. cyberscoop.com/the-com-subc...
Internet infamy drives The Com's crime sprees
Unit 221B’s Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences.
cyberscoop.com
June 9, 2025 at 3:23 PM
Reposted by Matt Kapko
CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. via @mattkapko.com cyberscoop.com/crowdstrike-...
CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.
cyberscoop.com
June 3, 2025 at 5:26 PM
Reposted by Matt Kapko
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims. The Philippines-based company Funnull operated a large cybercrime platform encompassing more than 332,000 domains, the FBI said. via @mattkapko.com youtu.be/ytmg-jbyl6o?... | cyberscoop.com/funnull-cryp...
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
YouTube video by CyberScoop
youtu.be
May 30, 2025 at 7:51 PM
Reposted by Matt Kapko
This is good news!

Just as ransomware has a whole ecosystem built up around it, so do these scam call centers, but at a much larger scale. Taking down one of the bigger ecosystem players will, hopefully, have a disruptive effect.

via @mattkapko.com & @cyberscoop.bsky.social
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
The Treasury Department on Thursday sanctioned Philippines-based Funnull Technology for its role in "pig butchering schemes."
cyberscoop.com
May 29, 2025 at 7:34 PM
Reposted by Matt Kapko
Multiple attackers are raiding Ivanti customers’ systems again by exploiting a pair of closely intertwined vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to achieve unauthenticated remote code execution. via @mattkapko.com cyberscoop.com/ivanti-epmm-...
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying ...
cyberscoop.com
May 28, 2025 at 9:54 PM
Reposted by Matt Kapko
Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers said. via @mattkapko.com www.youtube.com/watch?v=b53l... | cyberscoop.com/laundry-bear...
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
YouTube video by CyberScoop
www.youtube.com
May 28, 2025 at 3:46 PM
Reposted by Matt Kapko
A newly discovered Russian state-sponsored threat group has targeted a large swath of industries, especially in #NATO member states and #Ukraine, part of a global #espionage campaign in support of Moscow’s interests, Microsoft Threat Intelligence said in a Tuesday blog post. via @mattkapko.com
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researc...
cyberscoop.com
May 27, 2025 at 8:22 PM
Reposted by Matt Kapko
The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days. via @mattkapko.com cyberscoop.com/danabot-malw...
DanaBot malware operation seized in global takedown
The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days.
cyberscoop.com
May 22, 2025 at 10:56 PM
Reposted by Matt Kapko
Lumma Stealer, a widely used infostealer malware linked to cybercrime sprees and multiple high-profile attacks, was dismantled through a coordinated global operation meant to seize its core infrastructure. via @mattkapko.com cyberscoop.com/lumma-steale...
Lumma Stealer toppled by globally coordinated takedown
Global law enforcement authorities and Microsoft seized or disrupted the prolific infostealer’s central command infrastructure, malicious domains and marketplaces where the malware was sold.
cyberscoop.com
May 21, 2025 at 4:43 PM
Reposted by Matt Kapko
An extensive investigation by #Sophos X-Ops, pulled from thousands of posts on two Russian-language and three English-language cybercrime forums, uncovered the dark underbelly of illegal schemes #cybercriminals use to reinvest their money. via @mattkapko.com youtu.be/DVCEMR0hc_4?...
Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures
YouTube video by CyberScoop
youtu.be
May 15, 2025 at 10:14 PM
Reposted by Matt Kapko
Great story from @mattkapko.com and @sophossecurity.bsky.social on what cybercriminals do with their money: it's not all lambos and bottle service, it's often laundered through legit businesses (with forums featuring guides on how to bury cash in the ground) cyberscoop.com/what-cybercr...
Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures
The benefits of cybercrime aren't all flashy cars and watches. Sophos X-Ops researchers discovered it also fuels a far-reaching mix of ordinary, sometimes unremarkable businesses.
cyberscoop.com
May 15, 2025 at 1:02 PM
Vulnerabilities are proliferating in SonicWall devices and software this year. The company is among many network security device vendors targeted by cybercriminals. Yet, unlike almost all of its competitors, SonicWall hasn't signed CISA's secure-by-design pledge. cyberscoop.com/sonicwall-ex...
SonicWall customers confront resurgence of actively exploited vulnerabilities
The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.
cyberscoop.com
May 9, 2025 at 9:59 PM
Reposted by Matt Kapko
#CrowdStrike is cutting 5% of its #workforce, about 500 positions, telling its staff that it’s shifting resources and realigning its operating model for growth in new market segments, according to a Wednesday filing with the SEC. via @mattkapko.com cyberscoop.com/crowdstrike-...
CrowdStrike cuts 5% of workforce after revenue jumped 29% last year
CEO George Kurtz said the decision to cut about 500 jobs was driven by internal efficiency gains from AI and multibillion-dollar opportunities in new market segments.
cyberscoop.com
May 7, 2025 at 8:35 PM