November 25, 2024 at 01:29PM Russian APT group Fancy Bear employed a novel “Nearest Neighbor” cyber-espionage technique during the Russia-Ukraine war, infiltrating a US organization by compromising nearby Wi-Fi networks. This remote attack underscores the security risks of proximity and emphasizes the need for stronger defenses against Wi-Fi vulnerabilities and enhanced monitoring practices. ### Meeting … Read more
November 25, 2024 at 04:54AM A Russian cyberespionage group executed a Nearest Neighbor Attack to infiltrate Organization A’s network via Wi-Fi, after compromising a nearby organization. Investigated by Volexity, the attack involved credential theft and sophisticated methods like using Microsoft’s Cipher.exe to erase traces. The incident highlights Wi-Fi security vulnerabilities for organizations. ### Meeting Notes … Read more
November 25, 2024 at 03:34AM Earth Estries, a Chinese APT group, has been targeting critical sectors globally since 2023, utilizing advanced malware like GHOSTSPIDER and SNAPPYBEE. Their tactics involve exploiting public server vulnerabilities for espionage, impacting over 20 organizations across various industries. They employ a complex command-and-control infrastructure, indicating shared tools with other APTs. **Meeting … Read more
November 22, 2024 at 12:17PM A China-linked group, TAG-112, compromised Tibetan media and university websites, delivering the Cobalt Strike toolkit via malicious JavaScript. Visitors were tricked into downloading disguised malware, highlighting ongoing cyber-espionage targeting Tibet. Although linked to a more advanced group (TAG-102), TAG-112 exhibits less sophistication in its attacks. ### Meeting Takeaways – Nov … Read more
November 22, 2024 at 07:12AM Russian-linked threat group TAG-110 has been conducting a cyber espionage campaign targeting Central Asia, East Asia, and Europe, utilizing custom malware HATVIBE and CHERRYSPY. The campaign, focused on government and educational institutions, aims to gather intelligence to support Russia’s geopolitical interests, particularly in post-Soviet states. **Meeting Takeaways – Cyber Espionage … Read more
November 22, 2024 at 07:02AM A Russia-linked cyberespionage group, TAG-110, has targeted over 60 victims across Asia and Europe, mainly in government and education, since at least 2021. Utilizing malware like HatVibe and CherrySpy, the group’s activities align with Russian geopolitical interests, particularly in Central Asia, impacting multiple sectors and national institutions. ### Meeting Takeaways … Read more
November 21, 2024 at 11:57AM China-aligned APT actor Gelsemium is using a new Linux backdoor, WolfsBane, targeting East and Southeast Asia for cyber espionage. Recent findings by ESET reveal WolfsBane and another implant, FireWood, aiming to gather sensitive data. This marks a shift towards Linux malware amidst enhanced security measures in the APT ecosystem. ### … Read more
November 20, 2024 at 02:27AM A new China-linked cyber espionage group named Liminal Panda targets telecommunications entities in South Asia and Africa, employing advanced tools for unauthorized access and data extraction. CrowdStrike highlights prior misattribution and notes that these activities exploit trust relationships among telecom providers, underscoring vulnerabilities in critical infrastructure to state-sponsored attacks. ### … Read more
November 19, 2024 at 11:31AM T-Mobile USA has confirmed being targeted by the Chinese cyber threat group Salt Typhoon, part of a larger espionage campaign affecting multiple telecoms. While T-Mobile found no evidence of data breaches, federal agencies report sensitive information may have been accessed. Experts warn of further attacks and cybersecurity vulnerabilities. ### Meeting … Read more
November 19, 2024 at 02:57AM T-Mobile has confirmed it was targeted by Chinese threat actors, known as Salt Typhoon, during a prolonged cyber espionage campaign. Although no significant impact on T-Mobile’s data has been reported, the situation highlights broader vulnerabilities in U.S. telecoms, including potential theft of sensitive communications. Investigations continue. ### Meeting Takeaways 1. … Read more