December 6, 2024

Snowblind: The Invisible Hand of Secret Blizzard

Lumen’s Black Lotus Labs uncovered a longstanding campaign orchestrated by the Russian threat actor “Secret Blizzard” (aka Turla). The group has successfully infiltrated 33 command-and-control (C2) nodes used by the Pakistan-based actor “Storm-0156.”

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

"Phishing emails were sent mainly through email services in Japan and Korea until early September," Korean cybersecurity firm Genians said. "Then, from mid-September, some phishing emails disguised as if they were sent from Russia were observed."
December 3, 2024

APT35 Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries

In one of its campaigns, APT35 launched a fake recruitment site, particularly aimed at experts in drone design within the aerospace sector in Thailand. The site featured high-paying job postings, adding legitimacy to the ruse.

Attack Group APT-C-60 Targets Japan Using Trusted Platforms

First identified in August 2024, the attack involved phishing emails disguised as job applications to infiltrate recruitment departments, introducing malware via malicious links hosted on legitimate platforms such as Google Drive.

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

The attack chains are characterized by the exploitation of known security flaws as well as default or weak credentials to obtain access to a broad spectrum of internet-connected devices such as IP cameras, DVRs, routers, and telecom equipment.
November 27, 2024

CyberVolk: A Deep Dive into the Hacktivists, Tools, and Ransomware Fueling Pro-Russian Cyber Attacks

CyberVolk’s roots trace back to India, with its current form emerging in May 2024. Initially known by names such as GLORIAMIST India and Solntsevskaya Bratva, the group shifted to ransomware-as-a-service (RaaS) operations in June 2024.
November 26, 2024

PROSPERO & Proton66: Tracing Uncovering the Links Between Bulletproof Hosting Networks

Intrinsec’s analysis reveals operational similarities between PROSPERO and Proton66. Both systems share nearly identical peering agreements and are linked to the same internet exchange point in St. Petersburg.
November 25, 2024

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Earth Estries, a Chinese APT group, has primarily targeted critical sectors like telecommunications and government entities across the US, Asia-Pacific, Middle East, and South Africa since 2023.

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit.

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file.
