‘SloppyLemming’ APT Abuses Cloudflare Service in Pakistan Attacks

September 26, 2024 at 12:35AM A threat actor tracked as “SloppyLemming,” classed as an advanced persistent threat (APT) by CrowdStrike, is conducting espionage against government and law enforcement targets in the Indian subcontinent. The group uses Cloudflare Workers and a range of other tools in phishing attack chains for credential harvesting and email compromise, targeting sensitive organizations …

MuddyWater hackers deploy new BugSleep backdoor malware in attacks

July 15, 2024 at 02:24PM The Iranian state-backed MuddyWater hacking group has developed a new custom backdoor called BugSleep. Analysts at Check Point Research found the malware being distributed via well-crafted phishing lures. The backdoor, still under active development and only partially deployed, signals a shift from the group’s previous tactics. MuddyWater’s cyber-espionage campaigns target a range of industries worldwide. …

Pakistani Threat Actors Caught Targeting Indian Gov Entities

June 14, 2024 at 10:27AM Pakistan-based threat actors tracked as Cosmic Leopard and UTA0137 have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, active since 2018, uses Android and Windows malware against individuals in the defense, government, and related technology sectors. Separately, UTA0137 has been using the ‘Disgomoji’ malware to access Linux …

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

January 31, 2024 at 03:00AM Pawn Storm, also tracked as APT28 and Forest Blizzard, has combined brute force and stealth in NTLMv2 hash relay attacks against high-value targets, particularly government departments, from April 2022 to November 2023. The group’s aggressive and repetitive spear-phishing campaigns mask its advanced, stealthy post-exploitation activity, often …

Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East

November 14, 2023 at 09:57AM The pro-Palestinian cyber-espionage group TA402 (Molerats) has developed a new tool called IronWind to target government agencies in the Middle East and North Africa. Despite the conflict in the region, TA402 continues to operate and has shown sophistication in its tactics. The group uses geofencing to limit who receives its payloads and has …

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations worldwide by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. They are difficult to detect because exploitation leaves little forensic evidence on the appliance. …