UK and allies expose Russian FSB hacking group, sanction members

December 7, 2023 at 11:40AM The UK and US warn of Russian state-aligned Callisto Group’s global spear-phishing attacks targeting data and credentials. Active since 2015, Callisto employs sophisticated social engineering and cyber tactics, recently shifting techniques to evade detection. Two group members have been sanctioned for undermining UK democracy. Meeting Takeaways: 1. The Russian state-backed …

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

December 7, 2023 at 10:28AM Star Blizzard, believed to be linked to Russia’s FSB, continues targeted spear-phishing attacks for intelligence gathering. They impersonate trusted contacts using researched information to deceive individuals and organizations in the UK and beyond. Numerous cyber security agencies warn of their expanded targeting since 2019, including the defense industry and energy …

Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics

December 7, 2023 at 10:06AM The COLDRIVER threat actor, tracked as Star Blizzard by Microsoft and linked to Russia’s FSB, has been targeting entities aligned with Russian interests using advanced credential theft and evasion techniques. They use impersonating domains, email campaigns, and server-side scripts for phishing while avoiding detection. Recently, the U.K. sanctioned two of …

New Threat Actor ‘AeroBlade’ Emerges in Espionage Attack on U.S. Aerospace

December 5, 2023 at 03:12AM A new cyber threat, AeroBlade, targeted a U.S. aerospace company in a suspected espionage attempt. The BlackBerry team identified the attack, which utilized spear-phishing, remote template injection, and a malicious VBA macro. Attacks started in September 2022 and became more stealthy over time, culminating in July 2023 with a reverse …

New AeroBlade hackers target aerospace sector in the U.S.

December 4, 2023 at 10:01AM BlackBerry uncovered ‘AeroBlade’, a new hacking group targeting the U.S. aerospace sector. Using spear-phishing attacks, AeroBlade deployed reverse-shell payloads for data theft, focusing on cyber espionage. The threat evolved from testing in 2022 to sophisticated attacks in 2023, with unknown origins and objectives speculated to be selling or leveraging stolen …

Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US

November 17, 2023 at 08:09AM Israeli private investigator Aviram Azari has been sentenced to 80 months in prison in the US for hacking companies and individuals, earning him nearly $5 million. Azari owned an Israeli intelligence firm, Aviram Hawk or Aviram Netz, and hired hacking groups to access online accounts and steal information. Targets included …

Iran’s MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

November 2, 2023 at 05:30AM MuddyWater, an Iranian nation-state actor, has launched a spear-phishing campaign targeting Israeli entities. This campaign deploys a legitimate remote administration tool from N-able called Advanced Monitoring Agent. While MuddyWater has previously used similar attack chains, this is the first time it has been observed using N-able’s software. The group is …

SonicWall Data Confirms That Ransomware Is Still the Enterprise’s Biggest Fear

October 27, 2023 at 12:01AM SonicWall released the findings of its 2023 SonicWall Threat Mindset Survey, revealing that 55% of its customers are more concerned about cyberattacks in 2023, with the main threats being ransomware and spear phishing. The survey also highlighted concerns about slow patching of vulnerabilities, increased fears around insider threats, and the …

YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group

October 26, 2023 at 04:48AM A new threat actor called YoroTrooper, likely consisting of operators from Kazakhstan, has been identified. The group employs various tactics to hide their activities, including targeting Kazakhstani entities and using VPN exit nodes in Azerbaijan. YoroTrooper primarily uses spear-phishing and malware to steal data, and has now shifted to custom …

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

October 19, 2023 at 10:21AM The MATA backdoor framework has been used in a cyber espionage operation targeting Eastern European companies in the oil and gas sector and defense industry. Spear-phishing emails were used to deliver malware, exploiting a vulnerability in Internet Explorer. The MATA framework is linked to the Lazarus Group and a new …