Pakistani ‘Transparent Tribe’ APT Aims for Cross-Platform Impact

May 28, 2024 at 11:33PM A cyber-espionage group, Transparent Tribe, known for targeting government and defense sectors in India, has expanded its tactics to include targeting Linux systems using legitimate software techniques, including Google Drive and Telegram. Despite a history of targeting India, the group has also attacked the US, Europe, and Australia. They utilize …

Microsoft links North Korean hackers to new FakePenny ransomware

May 28, 2024 at 02:01PM Microsoft has linked the North Korean hacking group Moonstone Sleet to FakePenny ransomware attacks, causing millions of dollars in ransom demands. Moonstone Sleet has adopted novel attack methods and infrastructure, targeting various industries and employing trojanized software, malicious games, and fake companies. This expansion into ransomware may indicate a shift …

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

May 27, 2024 at 03:54AM The Pakistan-based Transparent Tribe has been linked to new attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware. The attacks, spanning from late 2023 to April 2024, utilized popular online services for spear-phishing campaigns. The group is known for cyber espionage operations and has experimented with new intrusion …

Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies

May 24, 2024 at 06:00AM Cybersecurity researchers have identified BLOODALCHEMY, a new form of malware targeting government organizations in Southern and Southeastern Asia, as an updated version of Deed RAT and a successor to ShadowPad. This discovery is crucial due to the history of ShadowPad in APT campaigns. The malware’s capabilities, attack chains, and code …

New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts

May 23, 2024 at 10:45AM Sharp Panda, a China-linked threat actor, has broadened its scope to target government organizations in Africa and the Caribbean, utilizing Cobalt Strike Beacon to execute cyber espionage and displaying a sophisticated understanding of its targets. This expansion aligns with China’s strategic efforts to extend influence, as seen in the wider …

Inside Operation Diplomatic Specter: Chinese APT Group’s Stealthy Tactics Exposed

May 23, 2024 at 07:36AM A Chinese APT group has been targeting governmental entities in the Middle East, Africa, and Asia since late 2022 in a cyber espionage campaign dubbed Operation Diplomatic Specter. Palo Alto Networks researchers found long-term espionage operations and rare email exfiltration techniques. The attacks include diplomatic and economic missions, embassies, military operations, political meetings, and …

State hackers turn to massive ORB proxy networks to evade detection

May 22, 2024 at 01:40PM China-linked state-backed hackers are using operational relay box (ORB) networks as proxy meshes for cyberespionage operations. These ORBs involve hybrid combinations of VPS services and compromised IoT devices. Two networks, ORB3/SPACEHOP and ORB2/FLORAHOX, are being used for reconnaissance and vulnerability exploitation, creating challenges for detection and attribution. Attackers are evading …

Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms

May 17, 2024 at 05:54AM The US government has filed charges, seized funds, and made arrests in an effort to disrupt a North Korean scheme involving IT workers infiltrating companies. The workers stole identities to secure jobs and diverted their earnings to fund North Korea’s nuclear program. Two individuals have been arrested, with rewards offered for …

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

May 16, 2024 at 10:15AM The Kimsuky hacking group is behind a new social engineering attack, using fictitious Facebook accounts to target individuals via Messenger and deliver malware. The campaign impersonates a legitimate individual to trick activists in the North Korean human rights and anti-North Korea sectors. This approach aims to avoid detection and may …

Kimsuky hackers deploy new Linux backdoor via trojanized installers

May 16, 2024 at 09:35AM North Korean hacker group Kimsuky, linked to military intelligence, used trojanized software packages to deliver Linux malware Gomir in cyberespionage campaigns against South Korean targets. The malware, a variant of GoBear, exhibits persistent behaviors on Linux machines and supports 17 operations through HTTP POST requests. It’s part of a supply-chain …