Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps

February 12, 2024 at 05:05AM

An ongoing campaign targeting Microsoft Azure corporate clouds has compromised dozens of environments and hundreds of user accounts. The attacks involve data exfiltration, financial fraud, and impersonation across various industries and geographic regions. The threat actors show sophistication and adaptability, using tailor-made phishing and diverse toolkits. To defend against this, …

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

January 19, 2024 at 10:03PM

TA866, a threat actor, has returned after a hiatus, launching a large phishing campaign to distribute malware such as WasabiSeed and Screenshotter. The campaign targeted North America with PDFs containing OneDrive URLs that initiate a multi-step infection chain. Other actors, such as TA571, are involved in spam email campaigns to …

North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught

January 5, 2024 at 03:06PM

TA444, a North Korean state-backed threat actor, has introduced “SpectralBlur,” a new macOS-targeting malware. It offers various capabilities, including file upload/download, shell execution, and command execution. This development underscores the group’s consistent generation of proprietary malware. The malware shares similarities with Lazarus Group’s tools, indicating a significant focus on macOS …

Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East

November 14, 2023 at 09:57AM

The pro-Palestinian cyber espionage group, TA402, has developed a new tool called IronWind to target government agencies in the Middle East and North Africa. Despite the conflict in the region, TA402 continues to operate and has shown sophistication in its tactics. The group uses geofencing to limit attacks and has …

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

November 7, 2023 at 05:24AM

October 2023 saw a total of 31 cybersecurity-related merger and acquisition (M&A) deals. Some notable acquisitions include Arctic Wolf’s acquisition of Revelstoke to enhance its security orchestration, automation, and response (SOAR) capabilities, and Okta’s acquisition of Uno to accelerate the release of its consumer password manager. Other acquisitions were made …