New Nork-ish cyberespionage outfit uncovered after three years

May 31, 2024 at 11:33AM

Researchers uncovered a new cybercrime group, LilacSquid, exhibiting espionage-focused behavior akin to other North Korean state-sponsored groups. LilacSquid has targeted organizations in the US, Europe, and Asia, successfully breaching software, oil and gas, and pharmaceutical companies. The group deploys customized malware, including the heavily obfuscated PurpleInk, to evade detection. From …

Iranian hackers pose as journalists to push backdoor malware

May 4, 2024 at 12:19PM

APT42, an Iranian state-backed threat actor, is using social engineering, specifically posing as journalists, to breach Western and Middle Eastern corporate networks and cloud environments. The group, affiliated with Iran’s IRGC-IO, targets NGOs, media outlets, and more. They employ custom backdoors “Nicecurl” and “Tamecat” to gain access and exfiltrate data. …