Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics

June 5, 2024 at 08:00AM Mandiant’s new threat research revealed a resurgence in criminal extortion in 2023, with more ransomware investigations and a 75% increase in data leak site postings. The use of data exfiltration and breach-shaming in ransomware attacks is growing, with criminals exploring payment in Monero cryptocurrency. The report highlights evolving ransomware techniques …

State hackers turn to massive ORB proxy networks to evade detection

May 22, 2024 at 01:40PM China-linked state-backed hackers are using operational relay box (ORB) networks as proxy meshes for cyberespionage operations. These ORBs involve hybrid combinations of VPS services and compromised IoT devices. Two networks, ORB3/SPACEHOP and ORB2/FLORAHOX, are being used for reconnaissance and vulnerability exploitation, creating challenges for detection and attribution. Attackers are evading …

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

January 16, 2024 at 05:36AM Volexity has observed widespread exploitation of two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances by threat actors, including the group UTA0178. These vulnerabilities allow attackers to execute arbitrary commands and compromise internal networks. While the attacks were initially targeted, they have now become widespread, affecting organizations globally, particularly in …

Russia’s Sandworm – not just missile strikes – to blame for Ukrainian power blackouts

November 9, 2023 at 03:07AM Russian cyberattack group Sandworm was responsible for the coordinated cyberattack and power outage in Ukraine last year, according to Mandiant’s threat intel team. The attack targeted a power plant, compromising its operational technology (OT) environment through a hypervisor hosting a supervisory control and data acquisition (SCADA) management instance. Sandworm executed …