Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

February 26, 2024 at 12:09PM Government agencies in the Five Eyes countries have warned that Russian cyberespionage threat actors are now targeting cloud services as organizations shift to cloud-based infrastructure. The tactics include brute-force attacks, exploitation of dormant accounts, use of stolen tokens to bypass multi-factor authentication, and deployment of post-compromise tools, as well as the use of residential proxies to …

Lovers’ Spat? North Korea Backdoors Russian Foreign Affairs Ministry

February 23, 2024 at 01:56PM North Korean hackers have been found spying on Russia by planting a backdoor within Russian government software. The backdoor was bundled inside a Russian-language installer associated with an internal tool, “Statistika KZU,” used by Russia’s Ministry of Foreign Affairs. This reveals a targeted and precise approach by North Korean hackers …

An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance

February 22, 2024 at 09:15AM Chinese police are investigating a significant unauthorized online dump of documents from a private security contractor with ties to the Chinese government. The leaked documents reveal the company’s hacking activity and the tools it used to spy on both Chinese nationals and foreigners, as well as its efforts to surveil dissidents and promote …

Russian Government Software Backdoored to Deploy Konni RAT Malware

February 22, 2024 at 05:51AM An installer used by the Consular Department of Russia’s Ministry of Foreign Affairs (MID) has been found to deliver a remote access trojan called Konni RAT, likely the work of North Korean actors targeting Russia. The trojanized installer is intended for internal use within the MID and has been linked to other espionage …

Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

February 21, 2024 at 08:15AM Mustang Panda, a China-linked threat actor, has used a variant of the PlugX backdoor called DOPLUGS to target countries in Asia, especially Taiwan and Vietnam. The group is known for well-crafted spear-phishing campaigns and has deployed customized PlugX variants such as RedDelta PlugX and DOPLUGS since 2018. It also uses plugins for …

Hacked Iraqi Voter Information Found For Sale Online

February 20, 2024 at 11:49AM Researchers uncovered the sale of voter data following a breach of Iraq’s Independent High Electoral Commission. The 21.58 GB database contains Iraqi voter information and a custom software client. Election cyber threats surged to 26% in 2022, jeopardizing democratic processes worldwide. Resecurity confirmed the leak and highlighted election threats from various actors …

Volt Typhoon Seen Exfiltrating Sensitive OT Data

February 20, 2024 at 09:03AM The industrial cybersecurity firm Dragos has identified Volt Typhoon, a hacker group linked to the Chinese government, as a serious threat to organizations using industrial control systems (ICS) or operational technology (OT). The group’s cyberespionage activities and potential for disruption in critical infrastructure are highlighted in Dragos’ 2023 ICS/OT Cybersecurity …

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

February 20, 2024 at 06:27AM North Korean state-sponsored threat actors are conducting cyber espionage against the defense sector worldwide. The Lazarus Group is blamed for using social engineering to infiltrate the defense sector through a long-running operation called Dream Job. Another incident involved an intrusion into a defense research center, executed by a North Korea-based threat …

North Korean hackers linked to defense sector supply-chain attack

February 19, 2024 at 03:26PM Germany’s BfV and South Korea’s NIS issued a joint advisory warning of cyber-espionage operations by North Korean actors targeting the global defense sector. The attacks focus on stealing military technology and use tactics such as supply-chain attacks and social engineering. The advisory provides detailed steps and recommends security measures such as limiting access, …

Russian-Linked Hackers Breach 80+ Organizations via Roundcube Flaws

February 19, 2024 at 12:45AM A threat actor linked to Belarus and Russia, tracked as Winter Vivern (also known as TAG-70), conducted a cyber espionage campaign exploiting vulnerabilities in Roundcube webmail servers, targeting over 80 organizations in Georgia, Poland, and Ukraine. The campaign aimed to gather intelligence on European political and military activities and showed a high level of sophistication in its attack methods. TAG-70 also targeted …