Intel Name: SocGholish's intrusion techniques facilitate distribution of RansomHub ransomware
Date of Scan: March 14, 2025
Impact: High
Summary: The Water Scylla intrusion set involves multiple stages, including compromised websites, collaboration with Keitaro TDS operators, SocGholish payload delivery, and post-compromise activity leading to RansomHub. As of early 2025, SocGholish detections are highest in the U.S., with government organizations heavily impacted. This malware uses an obfuscated JavaScript loader and evasion techniques to propagate through compromised websites. Threat actors trick users into downloading malicious files via fake browser update notifications.