IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

November 8, 2024 at 07:51AM High-profile entities in India are being targeted by the Pakistan-based Transparent Tribe and by a newly identified China-linked espionage group tracked as IcePeony. Transparent Tribe deploys the ElizaRAT and ApoloStealer malware families, while IcePeony gains its initial foothold through SQL injection and then plants web shells to harvest credentials. Both groups run multi-stage operations with custom tooling rather than opportunistic, one-off attacks.

China-Backed MirrorFace Trains Sights on EU Diplomatic Corps

November 7, 2024 at 07:30PM The Chinese APT group MirrorFace has expanded its espionage operations into the European Union, using SoftEther VPN as a remote-access channel. Previously focused on Japanese political entities, including targets ahead of national elections, the group is now going after diplomatic bodies. Other China-backed groups are also adopting SoftEther VPN because the legitimate, widely used client blends in with normal VPN traffic and is rarely flagged; the shift points to a rise in espionage activity against European targets.

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

November 7, 2024 at 06:21AM The China-aligned hacking group MirrorFace has targeted a European Union diplomatic organization with a phishing lure themed around the upcoming 2025 World Expo in Japan. It is the group's first known attack in the EU and continues a pattern that, since 2023, has extended beyond its traditional Japanese targets to Taiwan and India.

China’s Volt Typhoon reportedly breached Singtel in ‘test-run’ for US telecom attacks

November 5, 2024 at 09:37PM The Chinese state-backed group Volt Typhoon reportedly breached Singapore Telecommunications (Singtel) in June, in what sources describe as a test run for future attacks on U.S. telecoms. The intrusion fits a broader pattern of targeting critical infrastructure worldwide; a separate group, Salt Typhoon, is also reported to have compromised U.S. telecom providers. China denies the accusations.

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

November 5, 2024 at 12:36PM The FBI is seeking public help to identify the Chinese state-sponsored actors behind intrusions that used malware to steal sensitive data from corporate and government networks. Reporting by Sophos describes the attackers chaining multiple vulnerabilities and, since 2021, shifting from indiscriminate, widespread exploitation to targeted operations, with critical infrastructure in South and Southeast Asia the main victims.

North Korean govt hackers linked to Play ransomware attack

October 30, 2024 at 12:01PM The North Korean hacking group Andariel has been linked to the Play ransomware operation, acting either as an affiliate or as an initial access broker. Researchers observed Andariel compromise a network that was subsequently hit with Play ransomware. Working through a criminal ransomware crew may help the sanctioned group evade sanctions, similar to tactics used by other sanctioned groups like Evil Corp and Iranian …

China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking

October 29, 2024 at 05:11PM The China-sponsored hacking group Evasive Panda has debuted CloudScout, a toolset that uses stolen web session cookies to pull data from cloud services such as Google Drive and Gmail. As a post-compromise tool it never has to log in: replaying a valid session cookie is enough for the service to treat the request as coming from the already-authenticated user, so password and sign-in checks are sidestepped entirely. The tooling reflects the group's mature cyberespionage capability against civil society and political targets.

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

October 28, 2024 at 01:45PM Evasive Panda, a China-linked cyber espionage group, has deployed a new toolset, CloudScout, against Taiwanese government and religious organizations. The .NET-based malware hijacks authenticated sessions with stolen browser cookies and uses them to extract data from cloud services. ESET notes a modular design with dedicated modules for Google Drive, Gmail and Outlook.
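The defensive counterpart to the technique described in the two CloudScout items above is to watch for a session cookie being used by more than one client. The following is an added example (not ESET's or any vendor's detection logic) that runs two heuristics over constructed cloud-app activity records: a User-Agent change within one session, and a source-IP change within a short window. The log field names, the window size, and the sample rows are assumptions made for the example; the `session` column stands for a hash of the session cookie, never the cookie value itself.

```python
"""Spot replayed web-session cookies in constructed cloud-app activity logs.

Added example; the record format, the 300 s window and the sample rows are
assumptions, not a real product's schema or thresholds.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: one row per authenticated request. "session" is a hash
# of the session cookie as a service might log it (the cookie itself is never logged).
SAMPLE_LOG = [
    {"ts": "2024-10-20T08:00:00Z", "session": "sess-a1", "user": "alice",
     "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/129"},
    {"ts": "2024-10-20T08:05:00Z", "session": "sess-a1", "user": "alice",
     "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/129"},
    # Same cookie from another network 90 s later, then from a non-browser client:
    # the pattern a replayed cookie produces while the victim is still active.
    {"ts": "2024-10-20T08:06:30Z", "session": "sess-a1", "user": "alice",
     "ip": "198.51.100.77", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/129"},
    {"ts": "2024-10-20T08:07:00Z", "session": "sess-a1", "user": "alice",
     "ip": "198.51.100.77", "ua": "ExampleDotNetClient/4.8"},
    # Benign roaming: same browser, different IP, four hours apart.
    {"ts": "2024-10-20T09:00:00Z", "session": "sess-b7", "user": "bob",
     "ip": "192.0.2.5", "ua": "Mozilla/5.0 (Macintosh) Safari/17"},
    {"ts": "2024-10-20T13:00:00Z", "session": "sess-b7", "user": "bob",
     "ip": "192.0.2.99", "ua": "Mozilla/5.0 (Macintosh) Safari/17"},
]


def _parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_cookie_replay(records, ip_switch_window_s: int = 300):
    """Return a list of (session, user, ts, reason) alerts.

    Heuristics, evaluated per session cookie in time order:
      * a User-Agent never seen before in this session: a stolen cookie replayed
        by a tool rarely mimics the victim's browser string exactly;
      * the source IP changes within ip_switch_window_s of the previous request:
        a real user seldom hops networks that fast, but victim and attacker
        using the same cookie in parallel do exactly that.
    """
    by_session = defaultdict(list)
    for rec in records:
        by_session[rec["session"]].append(rec)

    alerts = []
    for session, rows in by_session.items():
        rows.sort(key=lambda r: _parse_ts(r["ts"]))
        seen_agents = {rows[0]["ua"]}
        prev = rows[0]
        for rec in rows[1:]:
            if rec["ua"] not in seen_agents:
                seen_agents.add(rec["ua"])
                alerts.append((session, rec["user"], rec["ts"],
                               f"new user-agent {rec['ua']!r} on an existing session"))
            elif rec["ip"] != prev["ip"]:
                gap = (_parse_ts(rec["ts"]) - _parse_ts(prev["ts"])).total_seconds()
                if gap <= ip_switch_window_s:
                    alerts.append((session, rec["user"], rec["ts"],
                                   f"ip changed {prev['ip']} -> {rec['ip']} within {int(gap)}s"))
            prev = rec
    return alerts


if __name__ == "__main__":
    for alert in find_cookie_replay(SAMPLE_LOG):
        print(alert)
```

Both heuristics are deliberately simple; in production you would tie the IP check to ASN or geolocation rather than raw address changes, and the real fix is server-side session binding (cookies tied to client attributes or re-validated for sensitive actions) so a lifted cookie is worthless on its own.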

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

October 25, 2024 at 12:44PM Amazon has seized domains used by the Russian hacking group APT29, an actor known for espionage against government entities. The phishing campaign delivered rogue .rdp files that, when opened, connected victims to attacker-controlled servers masquerading as AWS domains in order to capture Windows credentials. Amazon clarified that neither it nor its cloud services were the targets of the campaign.
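A mail gateway or analyst can triage an .rdp attachment like the ones in the APT29 campaign above without opening it, because the format is plain `key:type:value` text. The following is an added example, not Amazon's or APT29-specific tooling: it parses the file, flags a target host that is not on an allowlist (and one that borrows AWS branding outside Amazon's own domains), and lists the settings that would hand the remote server access to local drives, clipboard, smart cards or WebAuthn. The allowlist suffix, the brand heuristic and the sample file are assumptions constructed for the example.

```python
"""Triage a suspicious .rdp attachment: unknown hosts and dangerous redirections.

Added example. TRUSTED_SUFFIXES and SAMPLE_RDP are constructed for illustration.
"""
import re

# .rdp settings that expose local resources to whatever server the file points at.
RISKY_SETTINGS = {
    "drivestoredirect": "local drives are mapped into the remote session",
    "redirectclipboard": "clipboard is shared with the remote host",
    "redirectprinters": "local printers are exposed to the remote host",
    "redirectsmartcards": "smart cards (and their logon certificates) are exposed",
    "redirectwebauthn": "WebAuthn/FIDO requests are forwarded to the remote host",
    "devicestoredirect": "plug-and-play devices are redirected",
    "redirectcomports": "serial ports are redirected",
}

# Hypothetical allowlist of RDP hosts/gateways the organisation actually uses.
TRUSTED_SUFFIXES = ("rdp.corp.example",)


def parse_rdp(data: bytes) -> dict[str, tuple[str, str]]:
    """Parse 'key:type:value' lines. mstsc saves UTF-16 with a BOM; crafted files are usually ASCII."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8", errors="replace")
    settings: dict[str, tuple[str, str]] = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # values may contain ':' (drive lists, ports)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings


def host_of(full_address: str) -> str:
    """Strip an optional :port from an address, handling bracketed IPv6."""
    m = re.match(r"^\[([^\]]+)\](?::\d+)?$|^([^:]+)(?::\d+)?$", full_address.strip())
    if not m:
        return ""
    return (m.group(1) or m.group(2)).lower()


def _allowed(host: str, trusted) -> bool:
    return any(host == t or host.endswith("." + t) for t in trusted)


def analyse_rdp(data: bytes, trusted=TRUSTED_SUFFIXES) -> list[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    s = parse_rdp(data)
    findings: list[str] = []

    host = host_of(s.get("full address", ("s", ""))[1])
    if not host:
        findings.append("no 'full address' (file may rely on a gateway setting instead)")
    elif not _allowed(host, trusted):
        findings.append(f"connects to non-allowlisted host {host!r}")
        # Brand-lookalike heuristic (assumption): AWS/Amazon wording outside Amazon's domains.
        if ("aws" in host or "amazon" in host) and not host.endswith((".amazonaws.com", ".amazon.com")):
            findings.append(f"host {host!r} uses AWS/Amazon branding outside Amazon's domains")

    gateway = host_of(s.get("gatewayhostname", ("s", ""))[1])
    if gateway and not _allowed(gateway, trusted):
        findings.append(f"uses non-allowlisted RD Gateway {gateway!r}")

    for key, why in RISKY_SETTINGS.items():
        typ, val = s.get(key, ("", ""))
        if (typ == "i" and val not in ("", "0")) or (typ == "s" and val):
            findings.append(f"{key}={val}: {why}")

    if s.get("remoteapplicationmode", ("i", "0"))[1] == "1":
        findings.append("RemoteApp mode: a remote program is shown as if it were a local window")
    return findings


# Constructed sample resembling a rogue attachment; the hostname is invented.
SAMPLE_RDP = b"""screen mode id:i:2
full address:s:ca-central-1.aws-secure-gateway.example:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
remoteapplicationmode:i:0
"""

if __name__ == "__main__":
    for finding in analyse_rdp(SAMPLE_RDP):
        print("-", finding)
```

A file that connects to an allowlisted host with every redirection off produces no findings; the sample above produces five. The same checks can be enforced preventively on endpoints by blocking outbound RDP to hosts outside the allowlist and disabling drive and clipboard redirection through Group Policy, so an opened file still cannot expose anything.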

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

October 22, 2024 at 09:22AM Trend Micro reports that the cyber espionage group Earth Simnavaz (also tracked as APT34/OilRig) has intensified attacks on Middle Eastern infrastructure, with the energy sector a particular focus. The group abuses on-premises Microsoft Exchange servers to harvest credentials and relies on PowerShell-based tooling to stay under the radar, with the goal of persistent, long-term access to compromised networks for espionage.