
cephalus

1 incident · 1 country · 1 sector · ransomware · Last activity: 2026-06-25
Cephalus is a financially motivated ransomware group that emerged in mid-2025. Its reported intrusion path starts with stolen Remote Desktop Protocol (RDP) credentials, so exposed RDP that is protected only by a password is the entry point to audit first. Once inside, the operators deploy a custom Go-based ransomware payload. A distinctive trait is DLL sideloading: they abuse a legitimate, signed SentinelOne executable to load their malicious code, so the payload runs under the cover of a trusted security-vendor binary and is less likely to be blocked on file reputation alone. The group follows a double-extortion model, exfiltrating sensitive data before encryption and publishing it on a dedicated dark web leak site to pressure victims into paying. The name Cephalus comes from a figure in Greek mythology whose spear never missed, a reference the group appears to use to signal confidence in its targeted approach. Reported victims are concentrated in law firms, healthcare, financial services, IT companies, and manufacturing, in regions including the US, Japan, the UK, and the Netherlands.
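The chain described above (external RDP logon with valid credentials, then a signed vendor executable sideloading an unsigned DLL from a staging directory) can be expressed as a correlation rule. The following is an added detection example written for this profile; it is not code from the page, from RansomLook/IntelTracker, or from the actor's tooling. The event dictionaries are constructed to resemble Windows Security event 4624 and Sysmon event 7 fields; `ProcessSignature` and `ProcessSignatureStatus` are an assumed enrichment (for instance joined from Sysmon event 1), not native event 7 fields, and the internal address ranges, host names, paths, and signer name "Vendor Corp" are placeholders.

```python
"""Detection sketch (added example, not from the page or the actor's tooling):
an interactive RDP logon from outside the organisation's address space,
followed on the same host by a validly signed executable loading an unsigned
DLL from its own directory outside the normal install roots.

Sample events below are constructed to imitate Security 4624 and Sysmon 7
fields; ProcessSignature / ProcessSignatureStatus are an assumed enrichment.
"""
import ipaddress
from datetime import datetime, timedelta

# Assumption: the organisation's internal address space (RFC 1918 + loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "::1/128")]

# Directories where a vendor-signed security binary is normally installed.
TRUSTED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows")


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def _dirname(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[0]


def in_trusted_root(path: str) -> bool:
    p = _norm(path)
    return any(p.startswith(_norm(root) + "\\") for root in TRUSTED_ROOTS)


def is_external_rdp_logon(ev: dict) -> bool:
    """Security 4624, LogonType 10 (RemoteInteractive), source IP not internal."""
    if ev.get("EventID") != 4624 or ev.get("LogonType") != 10:
        return False
    try:
        addr = ipaddress.ip_address(ev.get("IpAddress", "-"))
    except ValueError:          # "-" is logged for console/local logons
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def is_suspicious_sideload(ev: dict) -> bool:
    """Sysmon 7: validly signed EXE loads an unsigned/invalid DLL that sits in
    the EXE's own directory, and that directory is outside the trusted roots."""
    if ev.get("EventID") != 7:
        return False
    exe, dll = ev["Image"], ev["ImageLoaded"]
    exe_signed = ev.get("ProcessSignatureStatus") == "Valid"
    dll_unsigned = (str(ev.get("Signed", "false")).lower() != "true"
                    or ev.get("SignatureStatus") != "Valid")
    return (exe_signed and dll_unsigned
            and _dirname(exe) == _dirname(dll)
            and not in_trusted_root(exe))


def correlate(events, window=timedelta(hours=2)):
    """Pair each suspicious sideload with an earlier external RDP logon on the
    same host inside `window`. Returns a list of (logon, sideload) tuples."""
    logons = [e for e in events if is_external_rdp_logon(e)]
    hits = []
    for s in (e for e in events if is_suspicious_sideload(e)):
        for r in logons:
            gap = s["UtcTime"] - r["UtcTime"]
            if r["Computer"] == s["Computer"] and timedelta(0) <= gap <= window:
                hits.append((r, s))
    return hits


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "FS01", "LogonType": 10, "TargetUserName": "svc_backup",
     "IpAddress": "203.0.113.45", "UtcTime": datetime(2025, 7, 1, 2, 14, 7)},
    {"EventID": 4624, "Computer": "WS07", "LogonType": 10, "TargetUserName": "jdoe",
     "IpAddress": "10.0.5.12", "UtcTime": datetime(2025, 7, 1, 2, 20, 0)},
    # Vendor-signed EXE copied to a staging folder, loading an unsigned DLL beside it.
    {"EventID": 7, "Computer": "FS01", "Image": r"C:\Users\Public\stage\helper.exe",
     "ImageLoaded": r"C:\Users\Public\stage\core.dll", "Signed": "false",
     "SignatureStatus": "Unavailable", "ProcessSignature": "Vendor Corp",
     "ProcessSignatureStatus": "Valid", "UtcTime": datetime(2025, 7, 1, 2, 31, 50)},
    # Same product from its real install path with a signed DLL: not flagged.
    {"EventID": 7, "Computer": "FS01", "Image": r"C:\Program Files\Vendor\helper.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\core.dll", "Signed": "true",
     "SignatureStatus": "Valid", "ProcessSignature": "Vendor Corp",
     "ProcessSignatureStatus": "Valid", "UtcTime": datetime(2025, 7, 1, 2, 32, 0)},
    # Suspicious load, but no external RDP logon on this host: no correlated hit.
    {"EventID": 7, "Computer": "WS07", "Image": r"C:\Users\jdoe\Downloads\helper.exe",
     "ImageLoaded": r"C:\Users\jdoe\Downloads\core.dll", "Signed": "false",
     "SignatureStatus": "Unavailable", "ProcessSignature": "Vendor Corp",
     "ProcessSignatureStatus": "Valid", "UtcTime": datetime(2025, 7, 1, 2, 40, 0)},
]


def run(events=SAMPLE_EVENTS):
    """Flatten correlated hits into (host, user, source IP, sideloaded DLL)."""
    return [(r["Computer"], r["TargetUserName"], r["IpAddress"], s["ImageLoaded"])
            for r, s in correlate(events)]


if __name__ == "__main__":
    for hit in run():
        print("ALERT external RDP -> DLL sideload:", hit)
```

The sideload rule alone still fires on the WS07 event, which is worth its own lower-severity alert; the correlation with an external RDP logon is what raises the FS01 pair to an incident-grade signal. In production the `INTERNAL_NETS` list should be the organisation's real ranges (including VPN pools), since otherwise legitimate remote administrators are flagged.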

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms demanded: N/A
Payments detected: N/A

Countries affected (observed)

United States (1)

Target countries (SOCRadar)

United Kingdom, Ireland, Japan, Netherlands, United States

Sectors attacked (observed)

Healthcare (1)

Target sectors (SOCRadar)

Construction of Buildings
Other Information Services
Software Publishers
Real Estate
Hospitals
Manufacturing
Construction
Electrical Equipment, Appliance, and Component Manufacturing
Public Administration
Space & Defense

New URLs detected in IntelTracker

ransomware.anggipradana.com