May 2026 Dark Web Threat Actor Trend Report

May 2026 Dark Web Threat Actor Trend Report

Notes the May 2026 Dark Web Threat Actor Trend Report summarizes the trends of threat actors and hacktivists operating on the deep web and dark web. some statements are not factually verifiable. Major Issues hacktivist activity targeting the South Korean Region was concentrated. some hacktivist groups claimed DDoS attacks against

cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3)

cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3)

AhnLab SEcurity intelligence Center (ASEC) monitors attacks against poorly managed Linux servers using multiple honeypots. Among the prominent honeypots are SSH services using weak credential information, which are targeted by numerous DDoS and CoinMiner threat actors. ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous

Botnet Installing NiceRAT Malware

Botnet Installing NiceRAT Malware

1. Overview AhnLab Security intelligence Center (ASEC) confirmed that botnets trending since 2019 have been continuously used to install NiceRAT malware. A botnet is a group of devices infected by malware and controlled by a threat actor. Because threat actors mainly launched DDoS attacks using botnets in the past, Nitol