October 8, 2024 at 12:05PM GoldenJackal, an APT hacking group, breached air-gapped European government systems using custom toolsets to steal sensitive data, including emails, encryption keys, and documents. They utilized malware like GoldenDealer and GoldenAce, spreading through USB drives. Kaspersky warned of their focus on government entities for espionage. ESET reported new modular toolsets used … Read more
July 10, 2024 at 06:08AM Ransomware groups are evolving beyond encrypting and demanding payments to stealing sensitive information with custom malware. Cisco Talos revealed key tactics and identified 14 prominent ransomware groups, emphasizing their unique goals and activities. These groups employ double-extortion tactics and offer bespoke malware for data exfiltration. They utilize social engineering and … Read more
May 22, 2024 at 11:19AM Cybersecurity researchers uncovered a new threat group called Unfading Sea Haze, targeting high-level organizations in South China Sea countries. The attackers have ties to Chinese interests, utilize various malware and persistence techniques, and engage in manual data exfiltration, suggesting a focused espionage campaign. The group’s sophisticated arsenal and tactics aim … Read more
April 5, 2024 at 04:33AM Several China-linked threat actors are exploiting zero-day security flaws impacting Ivanti appliances, with Mandiant tracking multiple clusters, financially motivated actors, and post-exploitation activities involving the deployment of various malware tools. This underscores the threat posed by edge appliances and the actors’ ability to tailor their tradecraft to evade detection. Based … Read more
December 11, 2023 at 11:22AM North Korean hackers, under the Andariel group within the Lazarus collective, continue to exploit Log4Shell by launching attacks using new remote access Trojans written in the “D” programming language. These attacks illustrate their uniqueness as they exploit rare programming languages to evade detection, adding complexity to malware detection efforts. Their … Read more
October 31, 2023 at 01:55PM APT group Arid Viper is targeting Arabic-speaking Android users with a fake dating app called Skipped. It collects sensitive user information by sharing malicious links disguised as updates. The attackers control the domains used in the campaign and have been active since April 2022. The malware can disable security notifications … Read more