Combating the Funnull cybercrime ecosystem. An in-depth analysis of the RingH23 and MacCMS poisoning attack chain

After being sanctioned by the United States, the Funnull cybercrime group quickly resurfaced under a new guise. By leveraging its self-developed RingH23 attack toolkit and supply chain poisoning, it has achieved persistent hijacking and traffic monetization affecting millions of users. This demonstrates a very high level of technical sophistication and refined operational capability, posing an unprecedented threat to the global cybersecurity ecosystem.