KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

July 24, 2024 at 01:36PM
KnowBe4 hired a North Korean state actor posing as a Principal Software Engineer. The company stopped the attempted installation of information-stealing software. The actor evaded background checks and used AI tools to create a fake identity. KnowBe4 detected the threat through its security product and now recommends isolating new hires’ …

Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi

July 9, 2024 at 12:43PM
Eldorado, a Go-based ransomware, targets Windows and VMware ESXi systems in the US across education, real estate, and healthcare. It offers an affiliate program, customizable attack techniques, and employs Golang for cross-platform capabilities. Its “living off the land” tactics make it evasive, while its ability to impact virtual machines poses …

China’s APT40 gang is ready to attack vulns within hours or days of public release.

July 8, 2024 at 10:37PM
Law enforcement agencies, led by Australia, have issued an advisory detailing the tradecraft of APT40, a state-sponsored cyber group aligned with China. Known for rapidly exploiting new vulnerabilities, APT40 targets unpatched networks and uses compromised devices to launch attacks. The advisory provides mitigation tactics and highlights APT40’s use of web …

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

June 21, 2024 at 10:45AM
The SneakyChef, a Chinese-speaking threat actor, has conducted an espionage campaign targeting government agencies in Asia and EMEA since August 2023. They have used SugarGh0st malware and a new remote access trojan codenamed SpiceRAT, employing various infection chains and techniques, expanding their scope to countries including Angola, India, Latvia, Saudi …

Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users

June 19, 2024 at 07:00AM
Cybersecurity firm Trend Micro discovered a new threat group targeting Chinese-speaking users with a campaign dubbed Void Arachne. The attack employs malicious Windows Installer files for VPNs to distribute the Winos 4.0 command-and-control framework. The campaign involves social media and messaging platforms and promotes compromised files with deepfake and AI …

North Korea’s Moonstone Sleet Widens Distribution of Malicious Code

June 13, 2024 at 03:33PM
A newly identified North Korean threat actor, Moonstone Sleet, is expanding its distribution of malicious npm packages to public registries, targeting the software supply chain and open source code repositories. It differentiates itself through various techniques, posing a growing risk to the open source community. Organizations are urged to implement …

Iran-Backed Hackers Blast Out Threatening Texts to Israelis

April 15, 2024 at 12:15PM
Israeli citizens received threatening text messages from an Iranian-backed hacking team claiming to have hijacked the nation’s radar systems. The group, named Handala, sent anti-Israeli government rhetoric to citizens, warning of potential damage and urging evacuation. Israeli officials had not verified the group’s claims, which coincided with Iran’s recent attacks …

Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks

March 22, 2024 at 06:07PM
Chinese spies exploited critical-severity bugs in F5 and ConnectWise equipment to gain access to US defense organizations, UK government agencies, and other entities, according to Mandiant. The exploits were attributed to a group known as UNC5174, which also targeted other vulnerabilities and used custom software and a remote command-and-control framework …

DPRK Hackers Masquerade as Tech Recruiters, Job Seekers

November 21, 2023 at 04:18PM
North Korean threat actors are engaging in deceptive tactics on the internet, posing as both job recruiters and job seekers. Palo Alto Networks’ Unit 42 has identified two ongoing campaigns, “Contagious Interview” and “Wagemole”, where the threat actors lure unsuspecting applicants into installing sophisticated malware or impersonate applicants to gain …

Google ads push malicious CPU-Z app from fake Windows news site

November 9, 2023 at 11:22AM
Google Ads has been exploited by a threat actor to distribute a trojanized version of the CPU-Z tool, delivering the Redline info-stealing malware. The campaign uses a cloned copy of the legitimate site WindowsReport to host a malicious advertisement. Clicking on the ad leads to a redirect process that tricks …