New RomCom malware variant ‘SnipBot’ spotted in data theft attacks

September 26, 2024 at 05:32PM Unit 42 researchers discovered a new variant of the RomCom malware, named SnipBot, used in attacks targeting diverse sectors to steal data and pivot on networks. It employs an extended set of 27 commands for data exfiltration and evades sandboxes through various techniques. Initial vectors include phishing emails and fake …

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

September 25, 2024 at 03:48AM A new phishing campaign targets transportation and logistics companies in North America, using compromised email accounts to distribute information stealers and remote access trojans. The campaign has evolved with new infrastructure and techniques, including the use of ClickFix to trick victims into downloading malware. Several stealer malware strains have also …

Russia’s digital warfare on Ukraine shows no signs of slowing – Malware hits surge

September 24, 2024 at 02:33PM Russia’s use of evolving malware to support its military efforts in Ukraine continues, with a 90 percent increase in incidents involving malware infections. The tactics include impersonating others and using messaging apps to deliver malware. Russia is also targeting energy infrastructure organizations with destructive cyberattacks, including supply chain attacks, in …

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

September 12, 2024 at 07:18AM Iranian state-sponsored threat actor OilRig targeted Iraqi government networks in a sophisticated cyber attack. The group, also known as APT34, employed a range of custom backdoors and a new set of malware families in the campaign. The attacks involved unique command-and-control mechanisms and aimed to execute PowerShell commands and harvest …

Chinese hackers use new data theft malware in govt attacks

September 9, 2024 at 05:30PM Mustang Panda, a China-based cyber espionage group, has been using new strategies and malware to carry out attacks, targeting government and non-government entities mostly in the Asia-Pacific region. The group’s recent activities involve the deployment of new tools such as FDMTP and PTSOCKET to steal information from breached networks. The …

FBI: North Korea Aggressively Hacking Cryptocurrency Firms

September 4, 2024 at 09:48AM The FBI warns that North Korean hackers are aggressively targeting the cryptocurrency industry using sophisticated social engineering techniques. They aim to deploy malware and steal virtual assets. The attackers conduct extensive research on potential victims and engage in prolonged conversations to establish trust before delivering malware. Organizations and individuals in …

FBI warns crypto firms of aggressive social engineering attacks

September 3, 2024 at 01:47PM The FBI warns of North Korean hackers targeting cryptocurrency companies and employees with sophisticated social engineering attacks to steal crypto assets by deploying malware. The FBI has issued a warning about North Korean hackers employing sophisticated social engineering tactics to …

Point of entry: Why hackers target stolen credentials for initial access

August 6, 2024 at 10:19AM Increased incidents of stolen credentials have been giving rise to a thriving market for brokering initial access. Stolen credentials are commonly obtained through social engineering and malware, leading to a 24% increase in breaches. Various methods including brute force attacks are used to steal credentials, posing a major threat. Cybersecurity …

Hackers breach ISP to poison software updates with malware

August 3, 2024 at 03:41PM The Chinese hacking group StormBamboo, also known as Evasive Panda, Daggerfly, and StormCloud, has compromised an internet service provider to inject malware into automatic software updates, targeting organizations across various countries. They exploited insecure HTTP software update mechanisms, deploying malware onto victims’ devices without user interaction. They also targeted software …

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

July 23, 2024 at 09:31AM Taipei and U.S. NGOs were targeted by the state-affiliated Chinese hacking group Daggerfly, which used upgraded malware tools. Symantec reports the group engages in internal espionage, exploits an Apache HTTP server vulnerability, and quickly adapts to continue espionage activities. New malware linked to Daggerfly includes MACMA and Nightdoor, targeting major operating systems. CVERC accuses …