New Threat Actor ‘AeroBlade’ Emerges in Espionage Attack on U.S. Aerospace

December 5, 2023 at 03:12AM

A new cyber threat, AeroBlade, targeted a U.S. aerospace company in a suspected espionage attempt. The BlackBerry team identified the attack, which utilized spear-phishing, remote template injection, and a malicious VBA macro. Attacks started in September 2022 and became more stealthy over time, culminating in July 2023 with a reverse …

New AeroBlade hackers target aerospace sector in the U.S.

December 4, 2023 at 10:01AM

BlackBerry uncovered ‘AeroBlade’, a new hacking group targeting the U.S. aerospace sector. Using spear-phishing attacks, AeroBlade deployed reverse-shell payloads for data theft, focusing on cyber espionage. The threat evolved from testing in 2022 to sophisticated attacks in 2023, with unknown origins and objectives speculated to be selling or leveraging stolen …

Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US

November 17, 2023 at 08:09AM

Israeli private investigator Aviram Azari has been sentenced to 80 months in prison in the US for hacking companies and individuals, earning him nearly $5 million. Azari owned an Israeli intelligence firm, Aviram Hawk or Aviram Netz, and hired hacking groups to access online accounts and steal information. Targets included …

Iran’s MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

November 2, 2023 at 05:30AM

MuddyWater, an Iranian nation-state actor, has launched a spear-phishing campaign targeting Israeli entities. This campaign deploys a legitimate remote administration tool from N-able called Advanced Monitoring Agent. While MuddyWater has previously used similar attack chains, this is the first time it has been observed using N-able’s software. The group is …

SonicWall Data Confirms That Ransomware Is Still the Enterprise’s Biggest Fear

October 27, 2023 at 12:01AM

SonicWall released the findings of its 2023 SonicWall Threat Mindset Survey, revealing that 55% of its customers are more concerned about cyberattacks in 2023, with the main threats being ransomware and spear phishing. The survey also highlighted concerns about slow patching of vulnerabilities, increased fears around insider threats, and the …

YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group

October 26, 2023 at 04:48AM

A new threat actor called YoroTrooper, likely consisting of operators from Kazakhstan, has been identified. The group employs various tactics to hide their activities, including targeting Kazakhstani entities and using VPN exit nodes in Azerbaijan. YoroTrooper primarily uses spear-phishing and malware to steal data, and has now shifted to custom …

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

October 19, 2023 at 10:21AM

The MATA backdoor framework has been used in a cyber espionage operation targeting Eastern European companies in the oil and gas sector and defense industry. Spear-phishing emails were used to deliver malware, exploiting a vulnerability in Internet Explorer. The MATA framework is linked to the Lazarus Group and a new …

MATA malware framework exploits EDR in attacks on defense firms

October 18, 2023 at 12:28PM

The MATA backdoor framework has been observed in attacks targeting oil and gas firms and the defense industry in Eastern Europe between August 2022 and May 2023. The attacks used spear-phishing emails to trick victims into downloading malicious executables that exploit a vulnerability in Internet Explorer. The updated MATA framework …

North Korea’s Kimsuky Doubles Down on Remote Desktop Control

October 18, 2023 at 12:15PM

North Korea’s Kimsuky cyber threat group has been found to be using Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems. The group has also been leveraging open source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial …