Meet UNC1860: Iran’s Low-Key Access Broker for State Hackers

September 24, 2024 at 01:37AM

An advanced persistent threat (APT) linked to Iran’s Ministry of Intelligence and Security (MOIS) provides initial access to Iranian state hacking groups, targeting valuable networks across sectors like government, media, and telecommunications. UNC1860 deploys a range of custom malware tools and backdoors to establish a foothold, staying undetected by focusing …

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

September 21, 2024 at 11:37AM

The hacktivist group Twelve has been observed conducting destructive cyber attacks against Russian targets. They encrypt victims’ data and destroy infrastructure, causing maximum damage without financial gain. The group, linked to the Russo-Ukrainian war, utilizes various tools and tactics, sharing similarities with the ransomware group DARKSTAR. Their attacks involve exploiting …

Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware

August 7, 2024 at 10:07PM

Symantec’s threat hunters have observed an increase in state-sponsored cyber spies and criminals using legitimate cloud services to attack victims. The attackers make use of free accounts on platforms like Google Drive and Microsoft, along with encryption, to avoid detection. Symantec has identified several campaigns and published a list …

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

June 20, 2024 at 01:49PM

Threat actor UNC3886, suspected to be Chinese, uses open-source rootkits like ‘Reptile’ and ‘Medusa’ on VMware ESXi virtual machines to conduct credential theft, command execution, and lateral movement. Mandiant tracked UNC3886’s attacks on government organizations and revealed their recent use of rootkits, custom malware tools, and attacks targeting various industries …