Cyberespionage Campaign Targets Government, Energy Entities in India

March 28, 2024 at 11:12AM
A cyberespionage campaign, dubbed Operation FlightNight, targeted government entities and energy organizations in India using phishing emails masquerading as Indian Air Force invitation letters. The malware exfiltrated data from victim machines, including financial documents and employee information. The attackers modified an open-source information stealer and utilized Slack channels for communication …

Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

March 27, 2024 at 12:21PM
Indian government entities and energy companies were targeted by unknown threat actors using a modified version of the HackBrowserData malware, exfiltrating sensitive information through Slack. The operation, codenamed FlightNight, impacted multiple government entities and harvested 8.81 GB of data, including confidential documents and financial records. The attackers repurposed legitimate tools …

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

March 27, 2024 at 01:15AM
China-linked APT groups have targeted ASEAN member countries in a cyber espionage campaign. Mustang Panda used phishing emails and malware to attack entities during the ASEAN-Australia Special Summit. Trend Micro also uncovered a new threat actor called Earth Krahang targeting 116 entities across 35 countries. Leaked documents from I-Soon revealed …

Finland confirms APT31 hackers behind 2021 parliament breach

March 26, 2024 at 05:28PM
The Finnish Police confirmed that the APT31 hacking group, linked to the Chinese MSS, was behind the breach of Finland’s parliament in March 2021. A joint investigation revealed offenses including espionage and violation of communication secrecy, identifying one suspect. The U.S. and the UK have sanctioned individuals and entities related to APT31’s operations. …

UK elections are unaffected by China’s cyber-interference, says deputy PM

March 26, 2024 at 05:33AM
The UK’s Deputy Prime Minister, Oliver Dowden, asserts that China’s attempts to undermine UK elections were unsuccessful. The cyberattack on the 2021 Electoral Commission compromised voters’ data. China-linked APT31 targeted UK parliamentarians, prompting sanctions by the UK and US. The National Cyber Security Centre (NCSC) updated its guidance, and China is …

Chinese nationals charged with cyber-spying on US biz and more for Beijing

March 25, 2024 at 06:23PM
The United States accused seven Chinese individuals, members of cyber-espionage group APT31, of hacking into critical infrastructure organizations’ computer networks, email accounts, and cloud storage. The UK also alleged their involvement in email compromises. Both countries sanctioned a front company for China’s Ministry of State Security (MSS) and two of the …

US sanctions APT31 hackers behind critical infrastructure attacks

March 25, 2024 at 12:11PM
The U.S. Treasury Department sanctioned a Wuhan-based company used by the Chinese Ministry of State Security for attacks on U.S. critical infrastructure. Two Chinese nationals linked to the APT31 hacking group, working for the company, were also sanctioned. The action was a joint effort with the DOJ, FBI, State Department, and UK FCDO. The UK also sanctioned Wuhan XRZ and …

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

March 25, 2024 at 04:39AM
Iran-affiliated threat actor MuddyWater launches a new phishing campaign targeting Israeli entities. They aim to deliver a Remote Monitoring and Management solution called Atera through malicious links in emails and PDF attachments. Another Iranian group, Lord Nemesis, breaches a software services provider, leading to a software supply chain attack on …

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

March 24, 2024 at 02:57AM
Kimsuky, a North Korea-linked threat actor, has been observed utilizing Compiled HTML Help (CHM) files to distribute malware, targeting entities in South Korea, North America, Asia, and Europe. The cybersecurity firm Rapid7 has attributed this activity to Kimsuky with moderate confidence. The group’s tactics include deploying an Endoor backdoor malware …

Russia’s Cozy Bear caught phishing German politicos with phony dinner invites

March 23, 2024 at 03:58AM
Russian cyberspies targeted German political parties using phishing emails disguised as dinner invitations. The emails contained a backdoor, WINELOADER, that aimed to infect targets’ PCs for long-term access to networks and data. The espionage group, linked to the Russian Foreign Intelligence Service, has expanded its targets, techniques, and even lurked …