Cisco Zero-Days Anchor ‘ArcaneDoor’ Cyber Espionage Campaign

April 25, 2024 at 12:06PM A state-sponsored threat actor named UAT4356 conducted a global cyber espionage campaign by exploiting two Cisco zero-day vulnerabilities in firewall devices. Dubbed “ArcaneDoor,” the campaign targeted government networks and utilized custom backdoor malware called “Line Dancer” and “Line Runner.” Organizations are advised to patch their systems and monitor for any …

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

April 25, 2024 at 03:01AM A new state-sponsored malware campaign, named ArcaneDoor by Cisco Talos, used two zero-day flaws in Cisco networking gear to deploy custom malware for covert data collection. The U.S. CISA added the vulnerabilities to its KEV catalog, requiring federal agencies to apply fixes by May 1, 2024. The campaign exemplifies increased …

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

April 24, 2024 at 01:10PM Cisco warns of state-backed hacking involving zero-day vulnerabilities in ASA and FTD firewalls used to infiltrate government networks globally. The cyber-espionage campaign, known as ArcaneDoor, has targeted vulnerable edge devices since November 2023. Cisco discovered and fixed two zero-days – CVE-2024-20353 and CVE-2024-20359 – and urges customers to upgrade their devices …

Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign

April 24, 2024 at 10:48AM An elite team of Iranian hackers infiltrated US companies’ and government agencies’ employee accounts in a multiyear cyber espionage campaign, aiming to steal military secrets. Entities including the US Departments of Treasury and State, defense contractors, and a hospitality company were compromised. Four Iranian nationals have been indicted, but their …

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

April 24, 2024 at 09:45AM The U.S. Treasury Department sanctioned two firms and four individuals for cyber activities on behalf of the Iranian IRGC-CEC. The DoJ unsealed an indictment against the individuals for cyber attacks targeting the U.S. government and private entities. A reward of up to $10 million was announced for information leading to …

$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors

April 23, 2024 at 04:00PM Four Iranian nationals were indicted in Manhattan federal court for conducting a cyber-espionage campaign targeting U.S. government departments, defense contractors, and private firms, using sophisticated hacking techniques to access and compromise critical systems. The group, still at large, is accused of targeting over a dozen private US companies, primarily cleared …

Russia’s Fancy Bear Pummels Windows Print Spooler Bug

April 23, 2024 at 09:27AM A Russian APT group, Fancy Bear, has been using a tool called GooseEgg to exploit a vulnerability in the Windows Print Spooler service, enabling privilege elevation and credential theft in intelligence-gathering attacks globally. The group’s history includes targeting Microsoft product vulnerabilities for cyber-espionage, with significant recent activity in attacks against …

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

April 23, 2024 at 03:39AM The U.S. Department of State plans to impose visa restrictions on 13 individuals linked to commercial spyware activities targeting journalists and human rights defenders. The move aims to counter the misuse and proliferation of spyware, following recent sanctions on the Intellexa Consortium. Additionally, Kaspersky reported an increase in stalkerware victims, …

Hackers Target Middle East Governments with Evasive “CR4T” Backdoor

April 19, 2024 at 02:45AM Government entities in the Middle East are targets of cyber espionage through a new backdoor named CR4T. Russian cybersecurity firm Kaspersky discovered the activity in February 2024 and uncovered a previously undocumented campaign codenamed DuneQuixote. The attackers exhibit advanced evasion capabilities and use various techniques to establish persistence.

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

April 18, 2024 at 11:03AM Summary: Ukrainian government networks have been infected with OfflRouter malware since 2015, spreading through infected documents and USB media. The malware targets .DOC files and can modify the Windows Registry. Its unusual propagation mechanism and coding mistakes indicate an inventive but inexperienced creator. The malware has been relatively contained within Ukraine. …