U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks

August 29, 2024 at 07:48AM
U.S. cybersecurity agencies have exposed an Iranian hacking group, Pioneer Kitten, coordinating ransomware attacks in the U.S. and abroad, targeting sectors including education, finance, healthcare, and defense, as well as local government entities. The group also uses fake HR websites to collect personal information and surveillance threats aligned with the …

Iran’s Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear

August 28, 2024 at 02:04PM
Iranian government-sponsored cybercriminals continue to attack US and foreign networks, using VPN and firewall vulnerabilities. The FBI, CISA, and the Department of Defense warn that Pioneer Kitten targets schools, banks, hospitals, and government agencies. Another group, Peach Sandstorm, linked to the Iranian Islamic Revolutionary Guard Corps, employs a new custom …

Chinese broadband satellites may be Beijing’s flying spying censors, think tank warns

August 27, 2024 at 10:06PM
Chinese companies are planning to launch multiple satellite constellations for broadband services, potentially extending their content censorship system beyond their borders. The system could be used to monitor, block, and filter content, impacting information flow and imposing state control on a global scale. This presents security and diplomatic concerns, but …

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

August 27, 2024 at 12:33PM
Users of Chinese instant messaging apps are being targeted by HZ RAT, a backdoor for Apple macOS that replicates the Windows version. Distributed via RTF documents and software installers, it connects to a C2 server for instructions, likely for credential harvesting and reconnaissance. A recent sample impersonates OpenVPN and collects user data, with most C2 servers …

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM
Volt Typhoon, a China-based cyber espionage group, has been linked to the exploitation of a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in the ISP, MSP, and IT sectors. The flaw allows malicious file uploads, potentially leading to large-scale supply chain attacks. Recommendations include security mitigations and …

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

August 21, 2024 at 12:36PM
A new remote access trojan called MoonPeak is being used by a state-sponsored North Korean threat activity cluster in a new campaign. This Xeno RAT variant is deployed to access and set up new infrastructure supporting the campaign, and it evolves constantly, with obfuscation techniques added to hinder analysis. …

Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details

August 21, 2024 at 07:33AM
An operational security lapse by the operator of Styx Stealer, a new information stealer, leaked data on its clients, profits, nicknames, phone numbers, and email addresses. The stealer is advertised for $75 a month and linked to a Turkey-based threat actor. Check Point uncovered …

IRGC-Linked Hackers Package Modular Malware in Monolithic Trojan

August 20, 2024 at 05:06AM
The state-level Iranian APT TA453 (aka APT42) recently carried out a phishing attack by posing as the research director of ISW and engaging with an Israeli rabbi. The group delivered a new monolithic PowerShell Trojan, "AnvilEcho," bundling its previous espionage tools into a single script. This change aims to reduce malware download size …

Google Confirms an Iranian Group Is Trying to Access Emails Linked to Both US Presidential Campaigns

August 15, 2024 at 06:39AM
Google's threat intelligence has uncovered an Iranian-linked group's attempt to infiltrate the personal email accounts of individuals connected to President Biden and former President Trump. The group targeted Biden, Trump, and Vice President Harris, and its activities align with a broader pattern of attempts to disrupt the U.S. election. This …

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

August 15, 2024 at 03:21AM
A new threat actor, known as Actor240524, has launched cyber attacks targeting Azerbaijan and Israel to steal sensitive data, using spear-phishing emails and malware such as ABCloader and ABCsync. The attacks aim to evade detection through anti-sandbox and anti-analysis techniques. NSFOCUS attributes the attacks to an effort to disrupt the cooperative relationship between the …