Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

May 4, 2024 at 05:30AM Czechia and Germany were targeted by a long-term cyber espionage campaign by Russia-linked APT28, utilizing a security flaw in Microsoft Outlook. The attack compromised email accounts and targeted various industry verticals. The European Union, NATO, U.K., and U.S. condemned the cyber campaign. Additionally, there were reports of DDoS attacks and … Read more

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

May 3, 2024 at 09:57AM Threat actors are increasingly using Microsoft Graph API for malicious purposes to evade detection, enabling communication with command-and-control (C&C) infrastructure on Microsoft cloud services. Symantec uncovered instances of nation-state-aligned hacking groups using this method, including the deployment of previously undocumented malware called BirdyClient. The popularity of Graph API among attackers … Read more

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

May 3, 2024 at 09:10AM Trend Micro reports that the APT28 cyberespionage group, linked to Russia, used a botnet of Ubiquiti routers for espionage. The FBI dismantled the botnet in January 2024, but Trend Micro found remnants and expanded botnet details. APT28 used infected devices for various illicit activities, including proxying stolen credentials and cryptocurrency … Read more

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

April 24, 2024 at 09:15AM The US cybersecurity agency CISA has added a two-year-old Windows Print Spooler flaw, CVE-2022-38028, to its Known Exploited Vulnerabilities catalog due to exploitation by APT28. Federal agencies are required to address this vulnerability within three weeks, while all organizations are urged to perform vulnerability assessments and apply the available patches … Read more

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations

April 23, 2024 at 10:13AM APT28, a Russia-linked cyberespionage group, utilized Windows Print Spooler vulnerabilities to deploy GooseEgg, a custom post-exploitation tool targeting organizations in the US, Ukraine, and Western Europe. The tool can grant attackers elevated privileges, enabling activities such as remote code execution and backdoor deployment. Microsoft advises applying security updates and disabling … Read more

Russia’s Fancy Bear Pummels Windows Print Spooler Bug

April 23, 2024 at 09:27AM A Russian APT group, Fancy Bear, has been using a tool called GooseEgg to exploit a vulnerability in the Windows Print Spooler service, enabling privilege escalation and credential theft in intelligence-gathering attacks globally. The group’s history includes targeting Microsoft product vulnerabilities for cyber-espionage, with significant recent activity in attacks against … Read more

Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware

April 23, 2024 at 01:27AM APT28, also known as Fancy Bear and Forest Blizzard, perpetrated cyber attacks using GooseEgg malware exploiting a Windows Print Spooler flaw, targeting organizations in Ukraine, Western Europe, and North America. The group, affiliated with Russia’s military intelligence agency, has a history of using public exploits for intelligence gathering. IBM X-Force … Read more

Microsoft: APT28 hackers exploit Windows flaw reported by NSA

April 22, 2024 at 01:25PM Microsoft warns of the Russian APT28’s GooseEgg tool exploiting a Windows Print Spooler vulnerability to escalate privileges and steal data. The group, linked to Russia’s GRU, deploys GooseEgg using Windows batch scripts, dropping a malicious DLL to gain SYSTEM-level access. GooseEgg has been used in cyber attacks against various government and … Read more

From Deepfakes to Malware: AI’s Expanding Role in Cyber Attacks

March 19, 2024 at 10:12AM Generative AI, used in cyber threats, can create self-augmenting malware to evade YARA rules. This allows for the modification of malware code to bypass detection, posing risks in impersonation and reconnaissance operations. Organizations are urged to be cautious with publicly accessible images and videos to mitigate such threats. Additionally, there … Read more

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

March 18, 2024 at 02:21AM APT28, a Russia-linked threat actor, has been implicated in multiple ongoing phishing campaigns targeting entities in Europe, the South Caucasus, Central Asia, and North and South America. IBM X-Force is tracking the activity under the alias ITG05 and has observed the group using various tactics, including deploying unique backdoors and … Read more