Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

April 17, 2024 at 08:48AM Mandiant’s report details the recent activities of the Russian Sandworm group, now tracked as APT44, known for disruptive malware and cyber operations tied to conventional military activities. APT44 has been linked to several cyber incidents, hacktivist personas, supply chain attacks, and espionage activities, uncovering new connections and disruptive tactics. Summary: …

Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks

March 22, 2024 at 06:07PM Chinese spies exploited critical-severity bugs in F5 and ConnectWise equipment to gain access to US defense organizations, UK government agencies, and other entities, according to Mandiant. The exploits were attributed to a group known as UNC5174, who also targeted other vulnerabilities and used custom software and a remote command-and-control framework …

Iranian Hackers Target Aviation and Defense Sectors in Middle East

February 29, 2024 at 09:27AM Iranian hackers have been utilizing Microsoft Azure cloud infrastructure in attacks on aerospace, aviation, and defense organizations in the Middle East, particularly in Israel and the UAE. The hacking group, UNC1549, has deployed two backdoors named MiniBike and MiniBus. These activities are linked to Iran’s Islamic Revolutionary Guard Corps. Mandiant …

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

January 22, 2024 at 06:12AM Mandiant reports that a Chinese cyberespionage group exploited a zero-day vulnerability in VMware vCenter Server (CVE-2023-34048) since 2021. The flaw allows remote code execution and was actively exploited, with evidence suggesting a sophisticated China-linked group, UNC3886, as responsible. VMware released patches and urged customers to apply them promptly. Key Takeaways …

Chinese hackers exploit VMware bug as zero-day for two years

January 19, 2024 at 11:38AM Summary: A Chinese hacking group exploited a vCenter Server vulnerability (CVE-2023-34048) as a zero-day since late 2021, using it to breach targets’ servers, escalate privileges, and exfiltrate files. The group, UNC3886, also targeted Fortinet firewall devices with a zero-day. Its preferred targets include defense, government, telecom, and tech sectors in …