{"id":4486,"date":"2026-02-13T00:38:47","date_gmt":"2026-02-13T00:38:47","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/02\/13\/world-leaks-ransomware-group-adds-stealthy-custom-malware-rustyrocket-to-attacks\/"},"modified":"2026-02-13T00:38:47","modified_gmt":"2026-02-13T00:38:47","slug":"world-leaks-ransomware-group-adds-stealthy-custom-malware-rustyrocket-to-attacks","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/02\/13\/world-leaks-ransomware-group-adds-stealthy-custom-malware-rustyrocket-to-attacks\/","title":{"rendered":"World Leaks Ransomware Group Adds Stealthy, Custom Malware \u2018RustyRocket\u2019 to Attacks"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/localimages\/cb531640-ce34-4e47-96c8-4a9f811ec92a.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Danny  Palmer \" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>World Leaks, the cyber-criminal data extortion group which has targeted some of the world\u2019s biggest companies, has added a novel, never-before-seen malware to their arsenal, research by Accenture Cybersecurity has revealed.<\/p>\n<p>Accenture has named the malware \u2018RustyRocket\u2019. It allows World Leaks to stealthily maintain persistence on networks and forms a key part of the extortion group\u2019s attacks.<\/p>\n<p>\u201cThe sophisticated toolset is a critical component of World Leaks\u2019 operations and has functioned entirely under the radar, enabling affiliates to stealthily exfiltrate data and proxy traffic across victim environments,\u201d T. 
Ryan Whelan, MD and global head of Accenture cyber intelligence, said in a LinkedIn post, which revealed the research.<\/p>\n<p>World Leaks is classed as a ransomware group, but rather than encrypting data and demanding a ransom for a decryption key, they steal sensitive corporate and personal data then threaten to publish it if they are not paid a ransom.<\/p>\n<p>The group has claimed Nike among their victims and exposed over 188,000 stolen files after the sports brand refused to give in to extortion demands.<\/p>\n<h2><strong>RustyRocket, A Sophisticated Rust Malware<\/strong><\/h2>\n<p>Written in Rust and designed to target both Microsoft Windows and Linux environments, RustyRocket malware is described as a \u201csophisticated data exfiltration and proxy tool\u201d which allows attackers to steal data through heavily obfuscated, multi-layered encrypted tunnels.<\/p>\n<p>This blends the malicious activity into legitimate network activity. Researchers note that this makes RustyRocket activity by World Leaks \u201cexceptionally difficult\u201d to detect.<\/p>\n<p>The malware is also designed to be difficult to monitor. 
To achieve this, RustyRocket employs a novel execution guardrail that requires the user to input a pre-encrypted configuration at runtime.<\/p>\n<p>\u201cIn short,\u00a0this means\u00a0RustyRocket\u00a0is extremely hard to spot and\u00a0highly flexible,\u00a0making it perfectly\u00a0crafted to steal data, proxy networks, and spearhead\u00a0extortion\u2011focused cyber-attacks,\u201d said Whelan.<\/p>\n<p>World Leaks has been active since early 2025 and typically gains initial network access via social engineering, stolen credentials or exploiting exposed infrastructure.<\/p>\n<p>By deploying sophisticated, stealthy tools like RustyRocket, World Leaks can maintain persistence within the network, taking that time to gather the data which is ultimately used for extortion.<\/p>\n<p>\u201cRustyRocket\u00a0is\u00a0a good example of\u00a0how\u00a0hackers\u00a0are evolving\u00a0techniques to confound traditional defenses,\u201d said Whelan.<\/p>\n<p>\u201cIt\u00a0demonstrates\u00a0that the\u00a0best defense\u00a0for\u00a0enterprises is\u00a0to\u00a0strengthen\u00a0defenses\u00a0by leaning into\u00a0advanced\u00a0approaches\u00a0for\u00a0continuous threat exposure management,\u00a0security testing, and\u00a0red teaming,\u00a0all\u00a0while\u00a0preparing\u00a0your people\u00a0to\u00a0be\u00a0ready\u00a0for such attacks,\u201d he added.<\/p>\n<p>To help defend against World Leaks cyber-attacks which deploy RustyRocket, as well as similar malware, ransomware and extortion campaigns, Accenture recommended that organizations monitor for anomalous outbound data transfers and that network segmentation should be applied to limit lateral movement by attackers.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>World Leaks, the cyber-criminal data extortion group which has targeted some of the world\u2019s biggest companies, has added a novel, never-before-seen malware to their arsenal, research by Accenture Cybersecurity has revealed. 
Accenture has named the malware \u2018RustyRocket\u2019. It allows World Leaks to stealthily maintain persistence on networks and forms a key part of the extortion<\/p>\n","protected":false},"author":2,"featured_media":4487,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4486-27e9fb86-9132-45a9-bbdf-e657a5607717-146x146.jpg",146,146,true]},"author_info":{"display_name":"hen
ry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4486"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4486\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4487"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4486"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}