Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy

November 1, 2023 at 07:09AM

A former British cyberespionage employee, Joshua Bowles, was sentenced to life in prison for the attempted murder of an American intelligence worker. Bowles carried out a pre-meditated and politically motivated attack, targeting the woman solely because of her role with the National Security Agency. The attack was driven by Bowles’ …

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

October 31, 2023 at 11:17AM

A cyber espionage group known as Arid Viper has been identified as responsible for an Android spyware campaign targeting Arabic-speaking users. The campaign uses a counterfeit dating app to gather data from infected devices. The malware has features that allow for the collection of sensitive information and the deployment of …

France says Russian state hackers breached numerous critical networks

October 26, 2023 at 12:45PM

The Russian APT28 hacking group, also known as ‘Strontium’ or ‘Fancy Bear,’ has been targeting various entities in France since the second half of 2021. They have exploited vulnerabilities in WinRAR and Microsoft Outlook, compromised peripheral devices, and utilized VPN clients. ANSSI recommends focusing on email security to defend against …

StripedFly malware framework infects 1 million Windows, Linux hosts

October 26, 2023 at 10:56AM

StripedFly is a sophisticated cross-platform malware that infected over a million Windows and Linux systems for five years. Kaspersky discovered it in 2022 and found evidence of its activity since 2017. The malware features TOR-based traffic concealing mechanisms, automated updating, worm-like spreading, and an exploit created before it was publicly …

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

October 25, 2023 at 11:41AM

Winter Vivern, a low-profile threat group, has been exploiting a zero-day flaw in Roundcube Webmail servers to target governmental organizations and a think tank in Europe. The group sends a specially crafted email that loads arbitrary JavaScript code, exploiting a newly discovered cross-site scripting flaw. Roundcube has released security …

Russian hackers exploit Roundcube zero-day to steal govt emails

October 25, 2023 at 09:19AM

The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11. They have been exploiting a Roundcube Webmail zero-day vulnerability and using phishing emails to inject arbitrary JavaScript code. The group has also targeted Zimbra and previously exploited vulnerabilities in Roundcube …

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

October 24, 2023 at 12:30PM

A former NSA employee, Jareh Sebastian Dalke, has pleaded guilty to charges of attempting to transmit classified defense information to Russia. Dalke used an encrypted email account to send excerpts of classified documents to an individual he believed to be a Russian agent, but who was actually an FBI employee. He …

DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan

October 23, 2023 at 02:09PM

DoNot Team, a threat actor suspected to be of Indian origin, has been using a new .NET-based backdoor called Firebird to target victims in Pakistan and Afghanistan. The attack also involves a downloader named CSVtyrei. Kaspersky discovered the attack and noted ongoing development efforts. Transparent Tribe, another hacking group, has …

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

October 19, 2023 at 10:21AM

The MATA backdoor framework has been used in a cyber espionage operation targeting Eastern European companies in the oil and gas sector and defense industry. Spear-phishing emails were used to deliver malware, exploiting a vulnerability in Internet Explorer. The MATA framework is linked to the Lazarus Group and a new …

Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

October 19, 2023 at 06:39AM

Between February and September 2023, the Iran-linked threat actor OilRig conducted an eight-month cyber espionage campaign against an unnamed Middle East government. The attack involved the theft of files and passwords, as well as the deployment of a PowerShell backdoor called PowerExchange. Additional malware used included Tokel, Dirps, and Clipog. …