Internet Archive hacked, data breach impacts 31 million users

October 9, 2024 at 06:26PM The Internet Archive’s “Wayback Machine” experienced a data breach, exposing a user authentication database with 31 million records. The breach was confirmed after hacker alerts appeared on the site. The stolen data includes email addresses and hashed passwords. A DDoS attack was also reported, claimed by the BlackMeta group. …

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

October 8, 2024 at 06:07AM GoldenJackal, a little-known threat actor, has been linked to cyber attacks on embassies and governmental organizations. They aim to infiltrate air-gapped systems using bespoke toolsets. The attacks targeted a South Asian embassy in Belarus and a European Union government organization. The group has displayed advanced capabilities, using multiple malware families …

AT&T, Verizon reportedly hacked to target US govt wiretapping platform

October 7, 2024 at 10:56AM Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, were breached by the Chinese hacking group Salt Typhoon. The attack aimed to gather intelligence from systems used by the U.S. federal government for network wiretapping requests. This sophisticated group has also targeted entities in other countries and utilizes various …

China-Backed APT Group Culling Thai Government Data

October 2, 2024 at 09:08PM CeranaKeeper, a China-aligned threat actor, has conducted large-scale data exfiltration in Southeast Asia. ESET researchers found that the group has been active since early 2022, using tools associated with Mustang Panda and exploiting file-sharing services. They breached Thai government systems and conducted extensive data harvesting, demonstrating rapid evolution and persistence. …

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

October 2, 2024 at 12:15PM CeranaKeeper, a new threat actor, has been conducting data exfiltration attacks in Southeast Asia, targeting countries like Thailand, Myanmar, the Philippines, Japan, and Taiwan. Utilizing backdoors through legitimate cloud and file-sharing services, the group demonstrates a relentless and creative approach, with an extensive custom toolset for massive data siphoning. ESET …

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

October 1, 2024 at 01:27AM Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API, enabling attackers to co-opt instances into a malicious Docker Swarm. The attacks leverage Docker for access, spawning a cryptocurrency miner, and orchestrating lateral movement to related hosts. The campaign also demonstrates the use of evolving malware and …

Microsoft: Cloud Environments of US Organizations Targeted in Ransomware Attacks

September 30, 2024 at 08:00AM Microsoft warns of cybercriminal gang Storm-0501 targeting US organizations’ hybrid cloud environments with ransomware deployments. Active since 2021, the financially motivated group employs various ransomware families and exploits weak credentials and known vulnerabilities to gain control of networks, compromise devices, and deploy ransomware, posing a threat across multiple sectors. Based …

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

September 26, 2024 at 08:54AM Threat actors linked to North Korea have introduced two new malware strains, named KLogEXE and FPSpy, as part of their cyber activity. These strains enhance the capabilities of the group known as Sparkling Pisces and are used for espionage and data collection. The targets have mainly been in South Korea …

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

September 26, 2024 at 07:51AM French cybersecurity firm Sekoia discovered a long-running cyber espionage campaign, dubbed SilentSelfie, targeting Kurdish websites. The attacks aimed to steal sensitive information using a watering hole technique and various information-stealing frameworks. The campaign, of low sophistication, affected multiple Kurdish sites, indicating a new threat targeting the Kurdish community. The attackers’ …

India-Linked Hackers Targeting Pakistani Government, Law Enforcement

September 25, 2024 at 08:48AM A threat actor called SloppyLemming, likely based in India, is using cloud services to target energy, defense, government, telecom, and tech entities in Pakistan and other South and East Asian countries. Cloudflare reports the group’s operations align with Outrider Tiger, known for using Sliver and Cobalt Strike in attacks. SloppyLemming …