Radiant Capital $50 Million Heist Blamed on North Korean Hackers

December 10, 2024 at 05:00AM Radiant Capital was targeted by a North Korean threat actor in a $50 million heist on October 16. Malware infected developers’ devices, enabling fraudulent transactions during normal operations. The attack, linked to group UNC4736, started in September through a deceptive Telegram message and exploited various blockchain platforms before erasing evidence. …

Radiant links $50 million crypto heist to North Korean hackers

December 9, 2024 at 03:29PM Radiant Capital attributed a $50 million cryptocurrency heist to North Korean hackers known as Citrine Sleet, following a cyberattack on October 16. The attack involved sophisticated malware evading security measures. Radiant is working with U.S. law enforcement to recover stolen funds and emphasizes the need for improved transaction security. …

Chinese Hackers Target Tibetan Websites in Malware Attack, Cybersecurity Group Says

November 13, 2024 at 07:21AM A Chinese state-sponsored hacking group has compromised two Tibetan community websites to install malware on users’ computers, according to a cybersecurity group. The attack highlights ongoing cybersecurity threats targeting specific communities. …

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

October 24, 2024 at 06:06AM The Lazarus Group exploited a now-patched zero-day vulnerability in Google Chrome to control devices by targeting cryptocurrency sector individuals via a fake game website. Disguised as a decentralized finance game, the attack, discovered by Kaspersky, began in February 2024 and involved advanced social engineering tactics. …

Malicious ads exploited Internet Explorer zero day to drop malware

October 16, 2024 at 10:08AM North Korean hacking group ScarCruft executed a large-scale attack in May using an Internet Explorer zero-day vulnerability (CVE-2024-38178) to disseminate the RokRAT malware via deceptive toast ads. A joint report from South Korea’s NCSC and AhnLab highlights the threat, with Microsoft releasing a security update in August 2024. …

Android malware ‘Necro’ infects 11 million devices via Google Play

September 23, 2024 at 11:18AM A new version of the Necro Trojan malware for Android infected 11 million devices through Google Play via a malicious advertising SDK. The Trojan was found in legitimate apps like Wuta Camera and Max Browser, with Kaspersky identifying obfuscation techniques used to hide malicious activities. Outside Google Play, it spread through …

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

September 19, 2024 at 10:30AM A new malware called SambaSpy targets Italian users through phishing. It uses HTML attachments or links to deploy a multi-functional RAT payload. The attack chains involve redirecting to a legitimate invoice or a malicious web server. SambaSpy can perform various functions, such as managing files, remote desktop, keylogging, and stealing …

Russian security firm Dr.Web disconnects all servers after breach

September 18, 2024 at 11:50AM Doctor Web (Dr.Web), a Russian anti-malware company, revealed a security breach on Tuesday following a cyberattack over the weekend. This information should be communicated transparently and promptly to …

Malware locks browser in kiosk mode to steal Google credentials

September 15, 2024 at 02:18PM A new malware campaign locks users in their browser’s kiosk mode to prompt them for Google credentials, which are then stolen by information-stealing malware. This uncommon method serves to frustrate and deceive users into entering sensitive information. …

‘Ancient’ MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

September 11, 2024 at 09:41AM Researchers from the Acronis Threat Research Unit discovered an attack dubbed “WordDrone,” targeting Taiwanese drone makers. The attack involves weaponizing an old version of Microsoft Word to install a persistent backdoor, ClientEndPoint. There are similarities to a previous “TIDrone” campaign, with the attackers possibly exploiting a side-loading flaw in the …