Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud

September 27, 2024 at 09:44AM Microsoft issued a warning about Storm-0501’s shift in tactics, targeting hybrid cloud environments. Despite being a relatively new group, Storm-0501 is prolific in carrying out ransomware attacks and has been linked to various ransomware affiliate programs. The group typically targets over-privileged accounts, and Microsoft has provided threat-hunting tips and indicators … Read more

Chinese Hackers Deployed Backdoor Quintet to Down MITRE

May 7, 2024 at 05:56PM The MITRE Corporation was targeted by China-linked hackers who used various backdoors and web shells. The attackers gained access to NERVE, MITRE’s research network, and deployed five unique payloads over several months. MITRE emphasized the importance of secure design, zero trust, and continuous authentication in light of the attack’s aftermath. … Read more

China-Linked Hackers Target Myanmar’s Top Ministries with Backdoor Blitz

January 30, 2024 at 09:34AM Mustang Panda, a China-based threat actor, is suspected of targeting Myanmar’s Ministry of Defence and Foreign Affairs in two campaigns using backdoors and remote access trojans. The group has been active since 2012 and has targeted Southeast Asian governments and the Philippines. The attacks involve phishing emails, rogue DLLs, and … Read more

North Korean State Actors Attack Critical Bug in TeamCity Server

October 19, 2023 at 04:33PM North Korean state-backed threat groups, Diamond Sleet and Onyx Sleet, are exploiting a critical vulnerability in JetBrains TeamCity server to carry out cyber espionage, data theft, and other malicious activities. Over 30,000 organizations, including Citibank, Nike, and Ferrari, use TeamCity. The vulnerability allows attackers to gain administrative privileges and execute … Read more