Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs

July 18, 2024 at 09:50AM Russian cybercrime syndicate FIN7 has been selling its AvNeutralizer malware to various ransomware gangs. The custom tool, which disables security solutions, is marketed under different pseudonyms and is effective at evading numerous endpoint security products. Researchers have identified the use of the tool by different ransomware campaigns and highlighted the group’s continuous …

Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org

June 5, 2024 at 06:40AM A new Sophos report reveals the extensive collaboration and sophistication of “Operation Crimson Palace,” an attack by three Chinese state-aligned threat clusters targeting a Southeast Asian government organization. Their teamwork involved advanced malware tools and evasion techniques, allowing them to steal sensitive military and political secrets. The report avoids specific …

How to Identify a Cyber Adversary: What to Look For

March 14, 2024 at 10:07AM Attributing a cyber incident to a specific threat actor is a complex task with many factors involved.

North Korea’s State-Sponsored APTs Organize & Align

October 10, 2023 at 12:16PM North Korean APT groups have increased collaboration and coordination during the COVID-19 pandemic. The lines are blurring between individual groups, making it difficult to determine responsibility for specific threat activities. North Korean actors are diversifying attacks, sharing tools and code, and targeting the supply chain. Collaboration between defenders, governments, and …