Kremlin’s Sandworm blamed for cyberattacks on US, European water utilities

April 17, 2024 at 04:04PM The notorious Russian military cyber unit, Sandworm, linked to GRU intelligence, engaged in cyberattacks on US and European water and hydroelectric utilities, causing disruptions and a water tank overflow. The group has targeted Ukraine and also impacted US and European critical infrastructure. Mandiant warned of the ongoing threat posed by … Read more

Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties

March 23, 2024 at 02:33AM Russian-linked hacking group, APT29, has been identified using the WINELOADER backdoor in cyber attacks on diplomatic entities and German political parties. The malware, distributed through wine-tasting phishing emails, allowed for espionage activities, marking a shift in APT29’s focus. This discovery coincides with the arrest of a German military officer involved … Read more

Russian APT29 Hackers Caught Targeting German Political PartiesĀ 

March 22, 2024 at 12:48PM Mandiant discovered Russia’s APT29 hacking group targeting German political parties, marking a potential shift from diplomatic targets. The group used phishing emails with a malware dropper and backdoor to infiltrate systems. Mandiant noted the group’s evolving tactics and previous high-profile attacks, cautioning about their adaptability and broad threat to Western … Read more

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

March 22, 2024 at 08:33AM A China-linked threat group utilized security flaws in Connectwise ScreenConnect and F5 BIG-IP to distribute custom malware for creating backdoors on compromised Linux hosts. The group, tracked as UNC5174, has targeted various organizations, including research institutions and government entities in the U.S. and U.K. They have also been observed trying … Read more

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

February 6, 2024 at 03:15AM A server-side request forgery (SSRF) vulnerability in Ivanti products is being widely exploited, leading to mass attacks from over 170 unique IP addresses. The exploit allows unauthorized access to restricted resources. Security firm Rapid7 released a proof-of-concept exploit, and outdated open-source components in Ivanti VPN appliances pose further security risks. … Read more

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

February 1, 2024 at 03:33AM Mandiant, owned by Google, reported identifying new malware used by espionage threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. The malware includes web shells like BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE, enabling arbitrary command execution and data exfiltration. Ivanti has disclosed and fixed security … Read more

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

January 31, 2024 at 06:22AM UNC4990, a financially motivated threat actor, is using weaponized USB devices to infect organizations in Italy. The attacks target various industries and involve utilizing third-party websites to host and download additional stages of the attack. UNC4990 operates out of Italy and has been active since late 2020. The end goal … Read more

Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years

January 22, 2024 at 05:12PM A critical VMware vulnerability, CVE-2023-34048, was exploited by a Chinese APT, UNC3886, since late 2021 as a zero-day. The group utilized this to gain remote code-execution capabilities and compromise ESXi hosts. Organizations must ensure patching was effective, as many may still be vulnerable due to various challenges in deploying patches. … Read more

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

January 20, 2024 at 06:45AM A China-linked cyber espionage group, UNC3886, exploited a zero-day vulnerability (CVE-2023-34048) in VMware vCenter Server, allowing privileged access and deployment of malware. These actions enable further exploitation of VMware flaws. VMware advises users to update to avoid potential threats. Additionally, UNC3886 utilized a Fortinet flaw (CVE-2022-41328) to implant malware, targeting … Read more

Russians invade Microsoft’s exec mail while China jabs at VMware vCenter Server

January 19, 2024 at 07:15PM Chinese cyberspies have been exploiting a VMware security vulnerability, CVE-2023-34048, allowing them to hijack vulnerable servers. Meanwhile, a Moscow-backed group breached a small percentage of Microsoft corporate email accounts. Additionally, CISA issued an emergency directive to mitigate Ivanti Connect Secure zero-days, likely targeted by Chinese nation-state attackers. Persistent concerns exist … Read more