---
title: Threat Intelligence Center - Capstone Technologies Group
description: Crypto drainers like Inferno and Lucifer target DeFi wallets through malicious contracts. Learn how to identify drainer signatures before funds are stolen.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=98
language: en-GB
date: 2025-08-13T00:46:48Z
---

[Crypto Drainer Variants Target DeFi Wallets with Angel, Ghost, Inferno Malware](https://captechgroup.com/threat-intelligence-center/crypto-drainer-variants-target-defi-wallets-with-a-d2dac7)

Crypto drainers have emerged as a sophisticated threat targeting decentralized finance participants and NFT holders. Variants including Inferno Drainer, Lucifer DaaS, and tools like Angel, Ghost, Medusa, Monkey, Nova, Vega, and Venom operate through malicious smart contracts designed to siphon cryptocurrency directly from connected wallets.

[AI Shifts Attack Surface for Travel Technology Platforms and Booking Systems](https://captechgroup.com/threat-intelligence-center/ai-shifts-attack-surface-for-travel-technology-pla-a5e6ee)

Artificial intelligence has fundamentally altered the threat model for travel technology platforms, booking systems, and hospitality networks. Traditional security controls designed for static environments no longer adequately protect against AI-enabled reconnaissance, credential stuffing at scale, and automated vulnerability discovery.

[SonicWall VPN MFA Bypass Exploited by Akira Ransomware Gang via CVE-2024-12802](https://captechgroup.com/threat-intelligence-center/sonicwall-vpn-mfa-bypass-exploited-by-akira-ransom-5ab2f8)

Security researchers have confirmed that the Akira ransomware gang is exploiting CVE-2024-12802 in SonicWall VPN appliances to circumvent multi-factor authentication protections. Attackers leverage incomplete patching to gain unauthenticated access, then deploy Cobalt Strike beacons for lateral movement and reconnaissance.

[FBI Reports $388 Million Lost to Crypto ATM Scams in 2025](https://captechgroup.com/threat-intelligence-center/fbi-reports-388-million-lost-to-crypto-atm-scams-i-21cc8e)

The FBI has documented $388 million in losses attributed to scams involving cryptocurrency ATMs during 2025, marking a significant threat to both individual users and financial institutions. These attacks exploit the pseudonymous nature of cryptocurrency transactions and the physical accessibility of ATM networks.

[Financially-Motivated Attackers Target Gaming Studios Through Cultural Vulnerabilities](https://captechgroup.com/threat-intelligence-center/financially-motivated-attackers-target-gaming-stud-f111a5)

Gaming studios have become prime targets for financially-motivated cyberattackers who exploit cultural and organizational vulnerabilities unique to game development environments.

[CypherLoc Scareware Targets Millions of Users Globally](https://captechgroup.com/threat-intelligence-center/cypherloc-scareware-targets-millions-of-users-glob-162eab)

Security researchers have documented a large-scale scareware campaign leveraging the CypherLoc malware family to target millions of users across multiple regions. CypherLoc employs deceptive tactics to convince users their systems are compromised, typically through fake security warnings and fraudulent system scan alerts.

[Storm-2949 Abuses Microsoft Self-Service Password Reset to Steal Azure Data](https://captechgroup.com/threat-intelligence-center/storm-2949-abuses-microsoft-self-service-password-ceacb9)

Threat actor Storm-2949 has been observed exploiting Microsoft Self-Service Password Reset (SSPR) functionality to gain unauthorized access to Azure environments and steal sensitive data. The attack leverages the Kudu console, Microsoft Graph API, and legitimate remote access tools including ScreenConnect and VMAccess to establish persistence and move laterally within compromised tenants.
