Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

September 26, 2024 at 07:51AM

French cybersecurity firm Sekoia discovered a long-running cyber espionage campaign, dubbed SilentSelfie, targeting Kurdish websites. The attacks aimed to steal sensitive information using a watering hole technique and various information-stealing frameworks. The campaign, of low sophistication, affected multiple Kurdish sites, indicating a new threat targeting the Kurdish community. The attackers’ …

India-Linked Hackers Targeting Pakistani Government, Law Enforcement

September 25, 2024 at 08:48AM

A threat actor called SloppyLemming, likely based in India, is using cloud services to target energy, defense, government, telecom, and tech entities in Pakistan and other South and East Asian countries. Cloudflare reports the group’s operations align with Outrider Tiger, known for using Sliver and Cobalt Strike in attacks. SloppyLemming …

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

September 23, 2024 at 02:18AM

A suspected APT from China targeted a Taiwanese government organization and other APAC countries by exploiting a security flaw. The activity uses various techniques and malware like Cobalt Strike and EAGLEDOOR to infiltrate and gather data from government and energy sectors. The threat actor’s sophistication and adaptability are notable. Key …

Dell investigates data breach claims after hacker leaks employee info

September 20, 2024 at 12:33PM

Dell is investigating claims of a data breach following a threat actor’s leak of data for over 10,000 employees, the company confirmed to BleepingComputer. …

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

September 20, 2024 at 06:45AM

Mandiant is tracking Iranian APT threat actor UNC1860, linked to MOIS, which facilitates remote network access. UNC1860, known for sophisticated tools and prior destructive attacks, is associated with APT34 and implicated in cyber operations targeting U.S. elections. Iran’s increasing cyber activities coincide with heightened regional involvement. CISA warned of Iranian …

Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware

September 19, 2024 at 02:45PM

Microsoft has reported that the ransomware affiliate Vanilla Tempest is now targeting U.S. healthcare organizations, using the INC ransomware. Vanilla Tempest gained network access by deploying malware and backdooring systems, leading to disruptions in IT and phone systems and causing loss of patient information. Vanilla Tempest has a history of …

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

September 19, 2024 at 06:24AM

A financially motivated threat actor, under the name Vanilla Tempest, has been targeting the healthcare sector in the U.S. using a ransomware strain called INC. This actor is known for using various tools and techniques, such as deploying ransomware payloads through Windows Management Instrumentation and exfiltrating data using Azure tools. …

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

September 19, 2024 at 04:38AM

Threat actor Earth Baxia targeted a government organization in Taiwan and possibly other APAC countries using spear-phishing emails and exploiting CVE-2024-36401, a GeoServer vulnerability. Earth Baxia deployed customized Cobalt Strike components and a new backdoor called EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery, with evidence …

Temu denies breach after hacker claims theft of 87 million data records

September 17, 2024 at 05:00PM

Temu denies being hacked or experiencing a data breach. This comes after a threat actor claimed to be selling a stolen database with 87 million customer records. …

Fortinet confirms data breach after hacker claims to steal 440GB of files

September 12, 2024 at 02:03PM

Fortinet, a cybersecurity company, has confirmed a data breach after a threat actor claimed to have stolen 440GB of files from its Microsoft SharePoint server. …