Lookout analyzed a system-level Android spyware app named Deblind, part of the Infamous Chisel toolset attributed to Russia’s Sandworm APT, which abuses accessibility services to log user activity and relies on other components for root access and exfiltration…
Tag: CRITICAL INFRASTRUCTURE
Recorded Future’s Insikt Group conducted a study of malicious command-and-control (C2) infrastructure identified using proactive scanning and collection methods throughout 2023.
The report analyzes a threat actor’s activity from an openly accessible directory, profiling their victims and techniques over more than a year with a mix of non-financial and crypto-mining operations. The actor relied on open-source tools (sqlmap, ghauri, htt…
Threat intelligence from X-Force details ITG05’s use of the Israel-Hamas conflict as lure material to deliver the Headlace backdoor across at least 13 countries, leveraging official documents and decoys. The malware chain comprises a dropper, a VBScript launch…
Fighting Ursa exploited a Microsoft Outlook vulnerability (CVE-2023-23397) in NTLM relay campaigns against high-value targets in NATO-aligned nations, first as a zero-day and then in follow-on activity, to harvest credentials and move laterally within networks. The operation …
The article links cyber operations across the Russia-Ukraine war and the Israel-Hamas conflict, noting shared tactics like denial-of-service, propaganda, espionage, hacking, and defacement. It highlights HermeticWiper, Industroyer2, and decoy ransomware such a…
The research demonstrates that malicious or malformed xApps can exploit weaknesses in the RIC Message Router (RMR) and near-RT RIC components to crash E2Term, spoof routing tables, and hijack message routing, degrading O-RAN service. Specific vulnerabilities i…
Iranian IRGC-affiliated CyberAv3ngers have targeted Unitronics Vision Series PLCs used in water and wastewater facilities in the U.S. and other sectors, leveraging exposed internet-facing devices with default passwords to deface interfaces and potentially disr…
Attacks on a critical infrastructure target in South Africa, a supply-chain attack on Linux machines, and a Telegram doppelganger used to target people in China.
Vidar, evolved from the Arkei Stealer, is a sophisticated credential stealer capable of extracting data from 2FA software and the Tor Browser. Censys tracked Vidar’s TLS-based C2 infrastructure, identifying 22 unique IPs and tying the activity to Scattered Spi…
Volt Typhoon is a state-sponsored APT, widely attributed to China, targeting critical infrastructure and government-adjacent entities with sophisticated, stealthy operations. Recent U.S. government actions disrupted a Volt Typhoon botnet and highlighted the ne…
Resecurity reports an alarming rise in ransomware targeting the energy sector worldwide, including nuclear facilities and related research entities, with attackers expanding across North America, Asia, and the EU. The article highlights evolving tactics such a…
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
Hive0051 is documented by X-Force as executing large-scale, synchronized multi-channel DNS fluxing to remap its C2 infrastructure across Telegram channels and Telegraph sites, enabling persistent operations and dynamic reallocation of victims across Gamma malw…
Researchers analyze the cyber dimension of the Israel-Hamas conflict, highlighting hacktivist groups Cyber Av3ngers and Moses Staff and their impact on critical infrastructure. The analysis links the October 8 Dorad power station incident to Moses Staff leaks …