INC ransomware rebrands to Lynx – same code, new name, still up to no good

October 11, 2024 at 07:05PM Researchers at Palo Alto’s Unit 42 suggest that the INC ransomware group has rebranded as Lynx following a notable period of attacks. Comparisons reveal a 70.8% code overlap, indicating a shared foundation. Despite INC’s recent activity, both groups exhibit similarities in their operations and web presence, raising questions about their …

Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware

October 9, 2024 at 07:37PM The cyberespionage group GoldenJackal hacked air-gapped government and diplomatic PCs using custom malware twice, targeting a European government from May 2022 to March 2024 and a South Asian embassy in 2019. This Russian-speaking group has developed sophisticated tools over several years, employing various infection methods for data theft. …

Hybrid Analysis Bolstered by Criminal IP’s Comprehensive Domain Intelligence

October 7, 2024 at 10:56AM Criminal IP, an AI SPERA Cyber Threat Intelligence (CTI) search engine, has partnered with Hybrid Analysis for advanced threat research. This integration offers deeper insights into malware and domain analysis, filtering out false positives and providing enhanced threat profiles. Criminal IP enhances Hybrid Analysis with real-time domain scanning and AI-powered …

Earth Preta Evolves its Attacks with New Malware and Strategies

September 9, 2024 at 03:44AM Earth Preta has enhanced its attacks by incorporating new malware and strategies, such as the propagation of PUBLOAD via a variant of the worm HIUPAN. Additional tools like FDMTP and PTSOCKET are utilized to extend control and data exfiltration capabilities. These attacks are highly targeted and time-sensitive, focusing on specific …

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

September 4, 2024 at 03:51AM Summary: The Chinese-speaking threat actor Earth Lusca has been found using a new multiplatform backdoor named KTLVdoor, which is highly obfuscated and has both Windows and Linux versions. The malware allows attackers to carry out various tasks and features sophisticated encryption and obfuscation techniques. The attack campaign involves significant infrastructure …

Linux version of new Cicada ransomware targets VMware ESXi servers

September 3, 2024 at 11:00AM Cicada3301, a new ransomware-as-a-service, is impersonating the legitimate Cicada 3301 organization, conducting cyber attacks and recruiting affiliates. This operation uses double-extortion tactics and targets specific file extensions on Windows and Linux/VMware ESXi systems. Its strategic design is aimed at maximizing damage in enterprise environments and pressuring victims to pay ransoms. …

Constantly Evolving MoonPeak RAT Linked to North Korean Spying

August 23, 2024 at 05:12PM A new version of XenoRAT malware called MoonPeak, with ties to North Korea’s Kimsuky group, is actively evolving and deploying complex infrastructure for command and control. It exhibits functional changes from the original XenoRAT, making detection challenging. Cisco Talos discovered the variant, analyzing its code modifications, infrastructure changes, and connections …

Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details

August 21, 2024 at 07:33AM The Styx Stealer, a new information stealer, was found to have leaked data related to clients, profit information, nicknames, phone numbers, and email addresses due to an operational security lapse by the operator. It is advertised for $75 a month and linked to a Turkey-based threat actor. Check Point uncovered …

New Banshee Stealer macOS Malware Priced at $3,000 Per Month

August 16, 2024 at 07:45AM Cybercriminals are promoting Banshee Stealer, a new macOS malware capable of stealing various data from compromised systems. Advertised for $3,000/month, it targets macOS passwords, hardware/software info, keychain passwords, browser data, and cryptocurrency wallets. While it evades detection by checking for analysis signs, its evasion methods are basic, leaving it susceptible …

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

August 15, 2024 at 03:21AM A new threat actor, known as Actor240524, has launched cyber attacks targeting Azerbaijan and Israel to steal sensitive data, using spear-phishing emails and malware like ABCloader and ABCsync. The attacks aim to avoid detection through anti-sandbox and anti-analysis techniques. NSFOCUS attributes the attacks to disrupt the cooperative relationship between the …