kyber
1 incidents
0 countries
0 sectors
ransomware Latest: 2026-06-25
Kyber is a ransomware group first observed in September 2025, distinguishing itself through the use of the Kyber1024 post-quantum encryption standard in its Windows variant to create encryption keys, an approach aimed at rendering future decryption permanently impossible. The group operates under a double extortion model, encrypting victim files and exfiltrating sensitive data, which it threatens to publish on a Tor-based leak site if ransom demands are not met. While the Windows variant genuinely implements Kyber1024, the Linux ESXi version often relies on traditional cryptographic algorithms like RSA-4096 and ChaCha8, despite marketing claims. This group specializes in cross-platform attacks, simultaneously targeting both Windows file servers and VMware ESXi virtualization infrastructure within enterprise environments to achieve widespread operational disruption.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Australia
Germany
United Kingdom
United States
Target sectors (SOCRadar)
Energy & Utilities
Manufacturing
Transportation & Warehousing
Information Services
Finance
Professional & Technical Services
Health Care & Social Assistance
Other
Public Administration
Construction of Buildings
New URLs detected in IntelTracker