Russian Turla Cyberspies Target Polish NGOs With New Backdoor

February 22, 2024 at 10:51AM Turla, a Russian state-sponsored threat actor, has deployed a new backdoor called TinyTurla-NG in recent attacks on NGOs in Poland. The malware, an evolution of TinyTurla, was first used in December 2023 and is designed for implant administration and file management. Turla also deployed other tools in this attack. From …

New SSH-Snake malware steals SSH keys to spread across the network

February 21, 2024 at 03:32PM SSH-Snake, an open-source network mapping tool, is being used by a threat actor to stealthily search for private keys and move laterally through victim infrastructure. It was discovered by Sysdig’s Threat Research Team, who describe it as a self-modifying worm that avoids typical detection patterns, making it a more efficient …

Russian-Linked Hackers Breach 80+ Organizations via Roundcube Flaws

February 19, 2024 at 12:45AM Belarus and Russia-linked threat actors, identified as Winter Vivern, conducted a cyber espionage campaign exploiting vulnerabilities in Roundcube webmail servers, targeting over 80 organizations in Georgia, Poland, and Ukraine. The campaign aimed to gather intelligence on European political and military activities, demonstrating high sophistication in attack methods. TAG-70 also targeted …

Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

February 18, 2024 at 11:57PM Charming Kitten, an Iranian-origin threat actor also known as APT35, has been linked to new attacks aimed at Middle East policy experts using a new backdoor called BASICSTAR through a fake webinar portal. The group, affiliated with Iran’s Revolutionary Guard Corps, uses a range of social engineering tactics, including phishing …

Ex-Employee’s Admin Credentials Used in US Gov Agency Hack

February 16, 2024 at 10:03AM A threat actor gained access to a US government organization’s network using compromised credentials from a former employee’s administrative account, enabling reconnaissance and data theft. CISA advises organizations to review administrative accounts, implement MFA, and maintain robust security measures to prevent similar incidents. Key takeaways from the meeting notes are …

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

February 15, 2024 at 02:19PM CISA and MS-ISAC conducted an incident response assessment revealing a threat actor gaining unauthorized access to a state government organization’s network environment. Moreover, the attacker compromised network administrator credentials through the account of a former employee, successfully accessing the organization’s internal and Azure environments. A Cybersecurity Advisory containing mitigation strategies …

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

February 15, 2024 at 10:18AM Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck. …

Turla hackers target NGOs with new TinyTurla-NG ‘secret backdoor’

February 15, 2024 at 09:56AM Security researchers have discovered new malware called TinyTurla-NG and TurlaPower-NG, utilized by the Russian hacker group Turla for network access and data theft. Turla exploits vulnerable WordPress websites for command and control, targeting organizations across various sectors. The malware’s backdoor functionality and data exfiltration methods were detailed in a report …

Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros

February 14, 2024 at 06:06AM The Bumblebee malware loader, initially linked to ransomware groups, has resurfaced using old-school VBA macros to target US organizations in a new campaign. Its reappearance signals a change in attack tactics, bucking the trend towards more advanced methods. Although this may seem outdated, vigilance and security measures should not be …

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

February 14, 2024 at 02:39AM A zero-day exploit in Microsoft Defender SmartScreen, leveraged by the threat actor Water Hydra (aka DarkCasino), targets financial market traders. Exploiting CVE-2024-21412, the attacker convinces victims to click on a booby-trapped URL, bypassing security checks. The end goal is to deliver the DarkMe trojan, capable of executing additional instructions and …