<ciso brief/>
Tag Banner

All news with #gold blade tag

all tags →

Tue, December 9, 2025

STAC6565 Targets Canada; Gold Blade Deploys QWCrypt

#Ransomware #Phishing #Gold Blade #Active Exploitation #Data Exfil via Tools

🛡️ Sophos links nearly 40 intrusions from Feb 2024 to Aug 2025 to STAC6565, a cluster assessed to overlap the criminal group Gold Blade (aka RedCurl/Red Wolf). The campaign shows an unusually narrow geographic focus — almost 80% of attacks targeted Canadian organizations — and combines targeted data theft with selective ransomware deployment using QWCrypt. Attack chains abuse recruitment platforms to deliver multi‑stage loaders such as RedLoader and tools designed to evade AV and disable recovery, often leveraging WebDAV, Cloudflare Workers and program‑compatibility execution paths.

read more →