China’s ‘Liminal Panda’ APT Attacks Telcos, Steals Phone Data

November 20, 2024 at 03:38PM A new threat actor, Liminal Panda, has been spying on mobile phones in Asia and Africa for over four years, targeting telecommunications networks to gather sensitive data for potential use by the Chinese state. The group’s tactics involve network-based attacks and exploiting telecommunications infrastructure for economic and political espionage.

China Says Seabed Sentinels Are Spying, After Trump Taps

October 31, 2024 at 09:24AM China accused foreign entities of spying using maritime equipment shortly after state-sponsored hackers targeted Trump and Harris’ campaigns. The Ministry of State Security raised concerns over espionage in maritime activities. Recent reports also revealed attempts to infiltrate U.S. telecommunications by Chinese hackers, emphasizing the urgent need for improved cybersecurity measures.

China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking

October 29, 2024 at 05:11PM The China-sponsored hacking group Evasive Panda has launched CloudScout, a sophisticated toolset to exploit stolen Web session cookies and access data from cloud services like Google Drive and Gmail. This post-compromise tool evades authentication checks and illustrates the group’s advanced cyberespionage skills targeting civil society and political entities.

North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

October 24, 2024 at 09:05AM Lazarus APT developed a fraudulent website leveraging a Chrome zero-day vulnerability to install malware and steal cryptocurrency, as reported by SecurityWeek. **Meeting Notes Takeaways:** 1. **Event Overview**: The Lazarus APT (Advanced Persistent Threat) group has developed a deceptive website. 2. **Exploitation Method**: The group exploited a zero-day vulnerability in Chrome …

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

October 17, 2024 at 06:42AM An APT group known as SideWinder, linked to India, has launched numerous attacks on key entities in the Middle East and Africa, utilizing multi-stage infection methods with a new toolkit called StealerBot. Targeted sectors include government, military, finance, and telecommunications across various countries, highlighting their evolving cyber capabilities.

Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability

October 14, 2024 at 09:15AM Iran-linked APT OilRig has escalated its cyber activities targeting the United Arab Emirates and the Gulf region, exploiting recent vulnerabilities in the Windows kernel, according to a report by SecurityWeek. **Meeting Takeaways:** 1. **APT OilRig Activity**: The threat actor group OilRig, linked to Iran, has increased its cyber operations targeting …

Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware

October 9, 2024 at 07:37PM The cyberespionage group GoldenJackal hacked air-gapped government and diplomatic PCs using custom malware twice, targeting a European government from May 2022 to March 2024 and a South Asian embassy in 2019. This Russian-speaking group has developed sophisticated tools over several years, employing various infection methods for data theft.

When Startup Founders Should Start Thinking About Cybersecurity

September 13, 2024 at 08:03AM David Rose of Rose Tech Ventures discussed two startups, one hit by scammers and another surviving due to better security. Startups often overlook cybersecurity, but Volt Typhoon’s attack on Versa Networks and other startups shows the critical need for improved security. Investors are increasingly pushing for cybersecurity plans, especially in …

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs

February 15, 2024 at 10:52AM The Russia-sponsored APT group Turla launched a cyberespionage campaign targeting Polish NGOs, using a new backdoor named “TinyTurla-NG” with modular capabilities. The backdoor allows execution of PowerShell and Windows Command Line Interface commands, and a new implant, TurlaPower-NG, for exfiltrating files. Turla also employs old tactics like compromised WordPress-based websites …

Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting

February 14, 2024 at 02:51PM Foreign government-backed hacking teams are leveraging OpenAI’s ChatGPT for malicious activities, including vulnerability research, target reconnaissance, and malware creation. Microsoft and OpenAI collaborated to study the use of large language models (LLMs) by these actors and found multiple known APTs experimenting with ChatGPT for malicious purposes. Microsoft took measures to …