PandaBuy pays ransom to hacker only to get extorted again

June 6, 2024 at 11:18AM Pandabuy, a Chinese shopping platform, revealed to BleepingComputer that it paid a ransom to prevent stolen data from being leaked. The threat actor, known as ‘Sanggiero’, attempted to extort the company again, claiming to have 17 million rows of data. Pandabuy confirmed fixing previous vulnerabilities and ceased cooperation with the …

Ransomware Gang Leaks Data From Australian Mining Company

June 5, 2024 at 05:06AM Northern Minerals, an Australian rare-earth metals producer, fell victim to a data breach by the BianLian ransomware gang. Exfiltrated data, including operational, financial, and personal information, was released on the dark web. Despite the breach, the company’s operations and systems were not materially impacted. The incident coincided with political developments, …

ShinyHunters claims Santander breach, selling data for 30M customers

May 31, 2024 at 11:51AM ShinyHunters, a notorious threat actor, is allegedly selling a massive trove of Santander Bank’s data, impacting 30 million customers and employees. This follows a recent data breach affecting the bank. ShinyHunters is known for similar activities and has a history of selling stolen data from various companies. The legitimacy of …

Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst

May 10, 2024 at 05:15PM China is the top cyber threat to the US government, critical infrastructure, and private-sector networks, according to the nation’s intelligence community. However, cybersecurity strategist Crystal Morin believes a destructive cyber-attack against the US would come from Iran before any other source. She concurs with US spy agencies that China remains …

Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

April 29, 2024 at 04:27PM A new cluster of activity known as “Muddling Meerkat” is linked to a Chinese state-sponsored threat actor manipulating global DNS systems since October 2019. Notable for its manipulation of MX records through China’s Great Firewall, the activity exhibits advanced capabilities to provoke false responses and prompt fake DNS queries. The …

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, …

UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack

April 19, 2024 at 02:24PM The UNDP experienced a cyberattack in late March, impacting its IT infrastructure and the city of Copenhagen, Denmark. Data, including human resources and procurement information, was stolen. The agency is assessing the attack’s scope, identifying affected data, contacting impacted individuals and stakeholders, and addressing the breach. A ransomware gang, 8Base, …

‘Sandworm’ Group Is Russia’s Primary Cyberattack Unit in Ukraine

April 17, 2024 at 06:07AM The Sandworm hacker group, APT44, has been supporting Russian military objectives in Ukraine while expanding cyberthreat operations globally. Mandiant’s analysis found Sandworm to be integrated with Russia’s GRU, potent in cyberattacks, and broad in its global targeting. Sandworm has used CyberArmyofRussia_Reborn and focuses on espionage while using legitimate tools to …

10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

April 9, 2024 at 10:45AM RUBYCARP, a suspected Romanian threat group, has been running a botnet for over 10 years, using it for crypto mining, DDoS, and phishing. The group utilizes various public exploits and brute-force attacks, communicates through IRC networks, and employs a malware called ShellBot. Their activities include exploiting security flaws, creating a …

CL0P’s Ransomware Rampage – Security Measures for 2024

April 9, 2024 at 08:27AM In 2023, the CL0P ransomware gang rose to prominence as one of the most active and successful groups worldwide, known for aggressive tactics targeting large organizations. Their methods included Ransomware-as-a-Service and quadruple extortion, significantly impacting ransomware payments. SecurityHQ highlighted the need for proactive defense, threat monitoring, and industry-specific security measures …