TeamViewer says Russia broke into its corp IT network

June 28, 2024 at 03:08PM TeamViewer disclosed that it was infiltrated by Russian cyber-spies, Cozy Bear, who gained access to its systems through a worker’s login. The breach was limited to non-production systems, with no evidence of accessing customer data. Similar to previous attacks, the group’s tactics align with known techniques, raising concerns about potential …

TeamViewer links corporate cyberattack to Russian state hackers

June 28, 2024 at 10:48AM TeamViewer, a widely used RMM software, has reported a breach in their corporate network believed to be orchestrated by the Russian state-sponsored hacking group Midnight Blizzard. The company believes the breach occurred using an employee’s credentials. TeamViewer assures customers that their production environment and customer data were not accessed, recommending …

Russian APT Reportedly Behind New TeamViewer Hack

June 28, 2024 at 05:48AM TeamViewer detected a network compromise by a Russian APT group. The company’s internal IT environment was affected, but there’s no evidence of impact on the product environment or customer data. NCC Group and Health-ISAC reported the APT group’s involvement, recommending a review of remote desktop traffic. TeamViewer promises transparency during …

TeamViewer Detects Security Breach in Corporate IT Environment

June 28, 2024 at 02:27AM TeamViewer detected an “irregularity” in its internal IT environment on June 26, 2024. The company immediately activated a response team and began investigations with cyber security experts. It stated that no customer data was impacted and an investigation is ongoing. The U.S. Health-ISAC issued a bulletin about threat actors’ exploitation …

Russia’s cyber spies still threatening French national security, democracy

June 20, 2024 at 08:37AM The CERT-FR report on Nobelium’s cyber activities revealed the group’s espionage focus and targeting of French diplomatic entities, including the Ministry of Foreign Affairs. The report warns of Nobelium’s threat to national security and diplomatic interests, amid concerns about Russian interference in French affairs, particularly during election periods. The group’s …

Cisco warns of password-spraying attacks targeting VPN services

March 28, 2024 at 12:38PM Cisco has released recommendations to address password-spraying attacks targeting Remote Access VPN services on Cisco Secure Firewall devices, which are believed to be part of reconnaissance activity. The company suggests indicators of compromise for detection and blocking, such as abnormal authentication requests and inability to establish VPN connections. Security researcher …

Russia’s Cozy Bear caught phishing German politicos with phony dinner invites

March 23, 2024 at 03:58AM Russian cyberspies targeted German political parties using phishing emails disguised as dinner invitations. The emails contained a backdoor, WINELOADER, that aimed to infect targets’ PCs for long-term access to networks and data. The espionage group, linked to the Russian Foreign Intelligence Service, has expanded its targets, techniques, and even lurked …

Russian hackers target German political parties with WineLoader malware

March 22, 2024 at 03:33PM Researchers warn that a Russian intelligence-linked hacking group, APT29, has shifted focus to target political parties in Germany, utilizing phishing tactics to deploy backdoor malware, WineLoader. This marks a significant change for the group, previously known for targeting governments and embassies. The shift suggests an intention to influence or monitor …

Russian APT29 Hackers Caught Targeting German Political Parties 

March 22, 2024 at 12:48PM Mandiant discovered Russia’s APT29 hacking group targeting German political parties, marking a potential shift from diplomatic targets. The group used phishing emails with a malware dropper and backdoor to infiltrate systems. Mandiant noted the group’s evolving tactics and previous high-profile attacks, cautioning about their adaptability and broad threat to Western …

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

March 8, 2024 at 11:57PM Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems following a hack in January 2024. The company stated that it is investigating the extent of the breach and has increased its security investments in response to the attack. The breach …