ShinyHunters claims Santander breach, selling data for 30M customers

May 31, 2024 at 11:51AM ShinyHunters, a notorious threat actor, is allegedly selling a massive trove of Santander Bank’s data, impacting 30 million customers and employees. This follows a recent data breach affecting the bank. ShinyHunters is known for similar activities and has a history of selling stolen data from various companies. The legitimacy of …

Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst

May 10, 2024 at 05:15PM China is the top cyber threat to the US government, critical infrastructure, and private-sector networks, according to the nation’s intelligence community. However, cybersecurity strategist Crystal Morin believes a destructive cyber-attack against the US would come from Iran before any other source. She concurs with US spy agencies that China remains …

Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

April 29, 2024 at 04:27PM A new cluster of activity known as “Muddling Meerkat” is linked to a Chinese state-sponsored threat actor manipulating global DNS systems since October 2019. Notable for its manipulation of MX records through China’s Great Firewall, the activity exhibits advanced capabilities to provoke false responses and prompt fake DNS queries. The …

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, …

UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack

April 19, 2024 at 02:24PM The UNDP experienced a cyberattack in late March, impacting its IT infrastructure and the city of Copenhagen, Denmark. Data, including human resources and procurement information, was stolen. The agency is assessing the attack’s scope, identifying affected data, contacting impacted individuals and stakeholders, and addressing the breach. A ransomware gang, 8Base, …

‘Sandworm’ Group Is Russia’s Primary Cyberattack Unit in Ukraine

April 17, 2024 at 06:07AM The Sandworm hacker group, APT44, has been supporting Russian military objectives in Ukraine while expanding cyberthreat operations globally. Mandiant’s analysis found Sandworm to be integrated with Russia’s GRU, potent in cyberattacks, and broad in its global targeting. Sandworm has used CyberArmyofRussia_Reborn and focuses on espionage while using legitimate tools to …

10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

April 9, 2024 at 10:45AM RUBYCARP, a suspected Romanian threat group, has been running a botnet for over 10 years, using it for crypto mining, DDoS, and phishing. The group utilizes various public exploits and brute-force attacks, communicates through IRC networks, and employs a malware called ShellBot. Their activities include exploiting security flaws, creating a …

CL0P’s Ransomware Rampage – Security Measures for 2024

April 9, 2024 at 08:27AM In 2023, the CL0P ransomware gang rose to prominence as one of the most active and successful groups worldwide, known for aggressive tactics targeting large organizations. Their methods included Ransomware-as-a-Service and quadruple extortion, significantly impacting ransomware payments. SecurityHQ highlighted the need for proactive defense, threat monitoring, and industry-specific security measures …

Chinese State-Sponsored Hackers Charged, Sanctions Levied by US

March 25, 2024 at 05:30PM Seven Chinese nationals have been charged by the US and the UK for their involvement in the activities of threat group APT31. …

Ande Loader Malware Targets Manufacturing Sector in North America

March 14, 2024 at 04:21AM Blind Eagle threat actor employs Ande Loader to distribute RATs, targeting Spanish-speaking users in the North American manufacturing industry through phishing emails. This expansion includes leveraging RAR and BZ2 archives to activate the infection chain. Additionally, an alternative attack sequence via Discord CDN link distributes NjRAT. Crypters written by Roda …