Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

December 11, 2024 at 07:30AM A China-based threat actor has been linked to cyber attacks in Southeast Asia targeting key sectors, including government and telecoms, since October 2023. Characterized by sophisticated tools and techniques, attacks involved prolonged network access and data exfiltration. Recent activities indicate persistent cyber espionage amidst ongoing regional geopolitical tensions.

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

December 6, 2024 at 02:48AM Gamaredon, a Russian-affiliated cyber threat group, is using Cloudflare Tunnels to hide its GammaDrop malware in a spear-phishing campaign targeting Ukrainian entities since early 2024. The group employs various techniques, including HTML smuggling and DNS fast-fluxing, to evade detection and maintain access to compromised systems.

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

December 5, 2024 at 06:24AM A suspected Chinese threat actor targeted a large U.S. organization between April and August 2024, compromising multiple computers and potentially exfiltrating email data. The attack used tactics such as DLL side-loading and open-source tools. Previous links to another Chinese hacking group were also noted. Specific intrusion details remain unclear.

Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT

December 4, 2024 at 12:02PM Russian hackers, known as Turla, spent two years infiltrating Pakistani cyberspies, gaining access to sensitive South Asian government networks. By commandeering Pakistani command servers, Turla deployed its own malware and extracted valuable data. This operation showcases their strategy of exploiting other threat actors’ infrastructures for espionage without revealing their own …

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

November 25, 2024 at 07:33AM Cybersecurity researchers have identified new attack techniques targeting IaC and PaC tools like Terraform and OPA, enabling data breaches through unauthorized Rego policies. Attackers exploit vulnerabilities during CI/CD processes, emphasizing the need for strict access controls, logging, and IaC scanning to mitigate risks and prevent malicious activities in cloud environments.

Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’

November 22, 2024 at 02:34PM Russian state hackers APT28 breached a U.S. company by executing a “nearest neighbor attack” via its enterprise WiFi, compromising nearby organizations first. Discovered on February 4, 2022, the incident involved credential theft and sophisticated lateral movement within the target network. Enhanced WiFi security is necessary to mitigate such risks.

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

November 22, 2024 at 07:02AM A Russia-linked cyberespionage group, TAG-110, has targeted over 60 victims across Asia and Europe, mainly in government and education, since at least 2021. Utilizing malware like HatVibe and CherrySpy, the group’s activities align with Russian geopolitical interests, particularly in Central Asia, impacting multiple sectors and national institutions.

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

November 21, 2024 at 01:48AM Threat hunters report an updated Python NodeStealer targeting Facebook Ads Manager and web browser credit card data. Developed by Vietnamese actors, it uses advanced techniques for data exfiltration, including avoiding detection in Vietnam. Recent phishing campaigns deploy I2Parcae RAT via ClickFix techniques, endangering users’ security and financial stability.

China’s ‘Liminal Panda’ APT Attacks Telcos, Steals Phone Data

November 20, 2024 at 03:38PM A new threat actor, Liminal Panda, has been spying on mobile phones in Asia and Africa for over four years, targeting telecommunications networks to gather sensitive data for potential use by the Chinese state. The group’s tactics involve network-based attacks and exploiting telecommunications infrastructure for economic and political espionage.

US charges five linked to Scattered Spider cybercrime gang

November 20, 2024 at 02:29PM The U.S. Justice Department has charged five members of the Scattered Spider cybercrime gang with wire fraud and identity theft, accused of stealing over $11 million from cryptocurrency wallets through SMS phishing. This loosely organized group employs varied tactics and has connections to other hacking collectives and ransomware gangs.