DPRK’s APT37 Targets Cambodia With Khmer, ‘VeilShell’ Backdoor

October 3, 2024 at 09:03PM

APT37, a North Korean state-sponsored threat actor, has targeted Cambodian organizations with a new campaign called “Shrouded#Sleep.” By spreading Khmer-language malicious emails related to Cambodian affairs, APT37 delivers a backdoor called “VeilShell,” disguised as shortcut files, as part of its infection routine. This campaign demonstrates sophisticated persistence and stealth …

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

July 31, 2024 at 09:45AM

A malware campaign, DEV#POPPER, is targeting software developers across Windows, Linux, and macOS systems. Linked to North Korea, the threat actors use social engineering to trick victims into divulging information or downloading malicious software. The campaign uses obfuscated JavaScript and Python backdoors, along with enhanced obfuscation and remote monitoring to …

Ukraine Military Targeted With Russian APT PowerShell Attack

February 1, 2024 at 03:56PM

A Russian advanced persistent threat (APT) group, believed to be related to Shuckworm, has initiated a targeted PowerShell attack campaign against the Ukrainian military using a newly discovered backdoor, STEADY#URSA. The attackers employ various evasion and obfuscation techniques, and their approach involves distributing malicious payloads through phishing emails and USB …

Hackers target Microsoft SQL servers in Mimic ransomware attacks

January 9, 2024 at 01:57PM

Financially motivated Turkish hackers are targeting Microsoft SQL servers worldwide, encrypting victims’ files using Mimic ransomware. Tracked as RE#TURGENCE, the attacks have hit targets in the EU, US, and Latin America. The hackers compromise insecure MSSQL servers using brute force attacks, then deploy ransomware payloads and execute other malicious activities. …

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

January 9, 2024 at 11:24AM

A new report from cybersecurity firm Securonix warns that financially motivated threat actors based in Turkey have been targeting Microsoft SQL Server databases with ransomware attacks. The campaign, primarily aimed at organizations in the US, Europe, and Latin America, involves various malicious activities including brute-forcing credentials, executing shell commands, and …

Wiz-Securonix Partnership Promises Unified Threat Detection

November 30, 2023 at 09:31AM

Securonix and Wiz have partnered to offer a comprehensive security solution across cloud and on-premises environments. Their integrated system combines Wiz’s cloud analysis with Securonix’s threat detection to improve enterprises’ risk visibility and threat response. The goal is to enhance security teams’ abilities to detect threats and understand their impact …