Fake job interviews target developers with new Python backdoor

April 26, 2024 at 10:23AM A campaign named “Dev Popper” is targeting developers with fake job interviews to trick them into downloading and running a Python remote access trojan (RAT), enabling the threat actors to gather system information and gain remote access. Analysts suspect North Korean involvement based on observed tactics. Similar tactics have been …

Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign

April 24, 2024 at 10:48AM An elite team of Iranian hackers infiltrated US companies and government agencies’ employee accounts in a multiyear cyber espionage campaign, aiming to steal military secrets. Entities including the US Departments of Treasury and State, defense contractors, and a hospitality company were compromised. Four Iranian nationals have been indicted, but their …

US charges Iranians with cyber snooping on government, companies

April 24, 2024 at 10:10AM The US has charged and sanctioned four Iranian nationals for their alleged roles in cyber attacks on US companies and government departments. They worked for fake companies linked to Iran’s military, carrying out multiple computer intrusions using methods like spearphishing and social engineering. The accused face up to 35 years …

$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors

April 23, 2024 at 04:00PM Four Iranian nationals were indicted in Manhattan federal court for conducting a cyber-espionage campaign targeting U.S. government departments, defense contractors, and private firms, using sophisticated hacking techniques to access and compromise critical systems. The group, still at large, is accused of targeting over a dozen private US companies, primarily cleared …

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

March 2, 2024 at 12:18AM The U.S. Department of Justice unsealed an indictment against an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a cyber campaign targeting U.S. entities. The campaign involved spear-phishing and hacking techniques, leading to more than 200,000 victim devices being infected. Nasab faces significant prison time if convicted and …

US Charges Iranian Over Cyberattacks on Government, Defense Organizations

March 1, 2024 at 09:57AM The US Justice Department announced charges against Iranian national Alireza Shafie Nasab, accused of involvement in hacking operations targeting government and private sector organizations. His firm, Mahak Rayan Afraz, linked to cyberespionage, had ties to the IRGC. Nasab, now at large, faces charges carrying up to 20-year prison sentences, with …

Russian Cyberattackers Launch Multi-Phase PsyOps Campaign

February 22, 2024 at 02:49PM Russian-linked threat actors carried out Operation Texonto, a multi-wave campaign targeting Ukraine. The operation involved PsyOps and spear-phishing to spread misinformation and steal Microsoft 365 credentials across Europe. It ran in two waves from October-December 2023. The tactics employed aimed to influence Ukrainian citizens and featured fake Microsoft login pages …

Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

February 21, 2024 at 01:15AM A recently discovered influence operation targeted Ukraine, using spam emails to spread war-related disinformation. Slovak cybersecurity company ESET linked the activity to Russia-aligned threat actors, uncovering spear-phishing campaigns and disinformation emails with PDF attachments. The campaign, named Operation Texonto, sent messages to Ukrainian government, energy companies, and individuals, while also …

U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage

February 16, 2024 at 02:03AM The U.S. government disrupted a botnet using SOHO routers linked to APT28 for cyber-espionage against U.S. and foreign targets. The botnet, dubbed MooBot, allowed threat actors to harvest credentials and conceal their location. The operation, known as Dying Ember, involved deleting stolen data and modifying firewall rules to block access. …

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

February 4, 2024 at 12:19PM The Russian state-sponsored APT28 group has been actively conducting NTLM v2 hash relay attacks since April 2022, targeting various industries worldwide. Managed by Russia’s GRU military intelligence, the group employs multiple aliases and has a history of spear-phishing and using router vulnerabilities to carry out attacks. Their tactics continue to evolve …