BPFDoor is a highly evasive surveillance tool using the Berkeley Packet Filter (BPF). It is allegedly attributed to Chinese threat actors. It is assumed to be deployed on thousands of Linux systems, its controller has gone almost completely unnoticed by endpoint protection vendors despite it being in use for at least five years.

Quantum ransomware is the re-branded version of the MountLocker Ransomware. Threat actors uses IcedID malware as one of the initial access vectors that deploys Cobalt Strike. It then remotely access victim computers for data theft and to deploy Quantum Locker ransomware for encryption.

Stormous Ransomware gang is well know for website defacement and data theft. They recently targeted Coca Cola and stole 161 GB of data from there servers. They are currently asking a ransom of 1.65 Bitcoin for not publicly releasing stolen files.

Onyx Ransomware is the based on the Chaos Ransomware. It encrypts used data ask a ransom of $100,000 in BTC to get the files back. It starts is operations in mid April of 2022.

REvil or Sodinokibi ransomware operation is apparently resumes again. Its operation was shutdown by law enforcement agencies in October 2021. Their TOR website is resumed and a new sample is captured in the wild.