Pakistani Hacking Team ‘Celestial Force’ Spies on Indian Gov’t, Defense

June 13, 2024 at 06:08AM A new report from Cisco Talos details a group called “Cosmic Leopard,” operating as “Operation Celestial Force,” which has been conducting cyber espionage against Indian government and defense entities for at least six years. The group’s tactics include using malware like GravityRAT and HeavyLift to target individuals and organizations. Preventative …

Chinese hackers breached 20,000 FortiGate systems worldwide

June 11, 2024 at 12:28PM Dutch Military Intelligence and Security Service (MIVD) warned of the significant impact of a Chinese cyber-espionage campaign. Exploiting a critical vulnerability in FortiOS/FortiProxy, Chinese hackers infected 14,000 devices, targeting governments, organizations, and defense industry. They deployed a remote access trojan malware, giving them permanent access to systems and breaching at …

LightSpy Spyware’s macOS Variant Found with Advanced Surveillance Capabilities

June 7, 2024 at 12:06PM Cybersecurity researchers have discovered that the LightSpy spyware targeting Apple iOS users is actually an undocumented macOS variant, capable of infecting various platforms and devices. The macOS version has been active since January 2024, with capabilities to harvest various types of information and intercept communications. The ongoing development sheds light …

Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics

June 6, 2024 at 09:40AM Google and Microsoft warn of high cyber threat risk for the 2024 Paris Olympics, particularly from Russian threat actors. Threats include espionage, disruption, and financially motivated activities targeting event organizers, infrastructure, and spectators. State-sponsored groups from China, Iran, and North Korea represent a moderate to low risk. Microsoft observes malign …

Multiple Chinese APTs Targeted Southeast Asian Government for Two Years

June 6, 2024 at 07:42AM Multiple China-linked state-sponsored cyberespionage groups, known as Operation Crimson Palace, targeted a Southeast Asian government over years. They utilized various tools, including a new malware named PocoProxy, for reconnaissance and data harvesting. Sophos identified three clusters of activity, suggesting a coordinated campaign under a central authority to support Chinese state …

Chinese hacking groups team up in cyber espionage campaign

June 5, 2024 at 04:14PM Since at least March 2023, Chinese state-sponsored actors have launched the Crimson Palace cyberespionage campaign against a Southeast Asian government agency. The campaign involved new malware variants and three coordinated activity clusters. These clusters, operating during Chinese work hours, engaged in reconnaissance, lateral movement, and persistent access management. Sophos researchers …

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

June 5, 2024 at 07:54AM A high-profile government organization in Southeast Asia became the target of a lengthy Chinese state-sponsored cyber espionage campaign named Crimson Palace. The operation aimed to maintain network access for espionage, focusing on accessing critical systems, gathering sensitive information, and deploying various malware. The attackers utilized an array of tools and …

Cisco Patches Webex Bugs Following Exposure of German Government Meetings

June 5, 2024 at 06:00AM Cisco released a security advisory following reports that the German government’s use of Cisco Webex was compromised. Vulnerabilities in the on-premises version of Webex allowed access to internal meetings and high-ranking officials’ rooms, potentially exposing sensitive information. The German government took its Webex instance offline and Cisco has released patches …

In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program

May 31, 2024 at 09:36AM SecurityWeek compiles important cybersecurity news, highlighting impactful stories. Recent articles cover threats like abusing BitLocker for ransomware, critical data exposure in India, AI-as-a-service vulnerability, and surveillance using Wi-Fi-based positioning systems. Additionally, a memorandum of understanding aims to boost electric sector cybersecurity, while cyberspying targets political entities in multiple regions. Based …

New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks

May 29, 2024 at 08:12AM Microsoft reports a new North Korean threat actor, Moonstone Sleet, targeting education, defense, and IT for espionage and revenue. The group combines tactics of other North Korean actors with unique methods, using fake companies and job opportunities to engage potential targets, employing trojanized tools, launching a custom ransomware, and engaging …