Google: Russian FSB hackers deploy new Spica backdoor malware

January 18, 2024 at 11:03AM Google’s Threat Analysis Group (TAG) has uncovered a Russian-backed hacking group, ColdRiver, spreading previously unknown backdoor malware through fake PDF decryption tools. The malware, named Spica, allows attackers to establish control over compromised devices and steal sensitive information. Google has taken action to protect users and has linked ColdRiver to …

ShinyHunters member gets 3 years in prison for breaching 60 firms

January 10, 2024 at 09:51AM Sebastien Raoult, a member of the ShinyHunters hacking group, was sentenced to 3 years in prison in the U.S. for conspiracy to commit wire fraud and identity theft, with a $5,000,000 restitution order. His activities caused financial damages exceeding $6 million by stealing personal information and selling it on the …

Stealthy KV-botnet hijacks SOHO routers and VPN devices

December 13, 2023 at 05:50PM The Chinese state-sponsored hacking group Volt Typhoon, also known as Bronze Silhouette, has been linked to the sophisticated botnet ‘KV-botnet’ since 2022. The group targets SOHO routers, firewalls, and VPN devices, aiming to disrupt critical communications infrastructure. The botnet’s activities indicate a focus on espionage and information gathering, with recent …

Kelvin Security hacking group leader arrested in Spain

December 11, 2023 at 09:34AM Spanish police have arrested a leader of the ‘Kelvin Security’ hacking group responsible for 300 cyberattacks in 90 countries since 2020. The group targeted government institutions and critical infrastructure, with notable breaches including Vodafone Italia and U.S. firm Frost & Sullivan. The arrest aims to uncover co-conspirators and data buyers. …

UK and South Korea: Hackers use zero-day in supply-chain attack

November 24, 2023 at 01:28PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain …

Microsoft extends Purview Audit log retention after July breach

October 19, 2023 at 04:27PM Microsoft is extending Purview Audit log retention following the breach of Exchange and Microsoft 365 accounts by the Chinese hacking group Storm-0558. The affected organizations included government agencies, with the US State and Commerce Departments among them. The changes will roll out to customers with Standard licenses, providing longer retention …