SentinelOne

X Phishing Campaign Targets High-Profile Accounts to Promote Crypto Scams

This campaign has been observed targeting various accounts such as U.S. political figures, leading international journalists, an X employee, large technology organizations, cryptocurrency organizations, and owners of valuable, short usernames.

HellCat and Morpheus: Two Brands, One Payload as Ransomware Affiliates Drop Identical Code

HellCat emerged in mid-2024. The primary operators behind HellCat are high-ranking members of BreachForums. Morpheus RaaS launched a data leak site (DLS) in December 2024, though the group's activity can be traced back to at least September.
December 11, 2024

Operation Digital Eye: Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

The threat actors used a lateral movement capability indicative of the presence of a shared vendor or digital quartermaster maintaining and provisioning tooling within the Chinese APT ecosystem.
November 27, 2024

CyberVolk: A Deep Dive into the Hacktivists, Tools, and Ransomware Fueling Pro-Russian Cyber Attacks

CyberVolk’s roots trace back to India, with its current form emerging in May 2024. Initially known by names such as GLORIAMIST India and Solntsevskaya Bratva, the group shifted to ransomware-as-a-service (RaaS) operations in June 2024.

North Korean APT BlueNoroff Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs found a new type of malware being used by North Korean hackers to target businesses that deal with cryptocurrency. The malware resembles that used in attacks previously linked to BlueNoroff.

Kryptina RaaS: From Unsellable Cast-Off to Enterprise Ransomware

Mallox, known for targeting Windows systems, has expanded its operations to Linux by using a modified version of the Kryptina ransomware, named "Mallox Linux 1.0." The ransomware utilizes the same encryption algorithm as Kryptina.

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads

The attack chain begins with a Discord user downloading a malicious Python application, Cross-Platform Bridges.zip. Initially, links to the malware were sent to targets via direct message, with the malware hosted on Google Drive.
September 22, 2023

Sandman APT Infiltrates Telecommunications Companies Using LuaDream Backdoor

The activities of Sandman suggest espionage motivations, with a focus on telecommunications providers and a potential connection to a private contractor or mercenary group.
September 19, 2023

Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones

The CapraRAT mobile RAT hidden within these YouTube-themed apps gives the attacker control over various data on infected Android devices, including recording audio and video, collecting messages and call logs, and modifying files.

New Family of Obfuscated Go Info-stealers 'MetaStealer' Spread in Targeted Attacks

Unlike other recent macOS malware, MetaStealer relies on social engineering tactics to persuade victims to launch malicious payloads, often disguised as legitimate files or software.
