Summary: CeranaKeeper, a newly identified threat actor, has been linked to a series of data exfiltration attacks targeting governmental institutions in Southeast Asia, particularly in Thailand. The group employs sophisticated …
Tag: LATERAL MOVEMENT
Short Summary: Cisco Talos has identified a financially motivated threat actor, active since 2022, distributing a MedusaLocker ransomware variant named “BabyLockerKZ.” The actor has targeted organizations globally, with a notable …
Short Summary: This article discusses a vishing attack that targeted a remote employee in the hospitality sector, leading to unauthorized access to the customer’s network. Darktrace’s anomaly-based threat detection successfully …
Short Summary: ESET researchers have identified a new China-aligned threat actor named CeranaKeeper, which has been targeting governmental institutions in Thailand since 2023. This group utilizes advanced techniques and tools, …
Silent Push research reveals that the FIN7 threat group is employing new tactics, including the use of an AI “DeepNude Generator” across multiple websites to distribute malware. The …
Meow, a ransomware group that emerged in 2022, has gained attention for its unique operational model and rising victim count. It is often linked to Meow Leaks, which …
Short Summary: The article discusses the NetSupport RAT, a remote access trojan used by advanced persistent threat (APT) groups. It highlights the challenges in detecting and removing such malware, along …
Summary: A recent Microsoft alert has revealed that the threat actor Vanilla Tempest is using a new ransomware strain, INC, to target the US healthcare sector, highlighting the ongoing cyber …
Summary: Logpoint has acquired Muninn, a network detection and response startup, to enhance its cybersecurity offerings by integrating AI-driven detection capabilities with its existing SIEM solutions. This acquisition aims to …
Summary: Security researcher Zach Hanley from Horizon3.ai has disclosed a critical vulnerability (CVE-2024-28987) in SolarWinds Web Help Desk software, which involves hardcoded credentials that could allow unauthorized access to sensitive …
Summary: DragonForce ransomware is rapidly expanding its Ransomware-as-a-Service (RaaS) operations, posing a significant global threat to businesses through sophisticated double extortion tactics. Companies are urged to enhance their cybersecurity measures …
UserSec is a pro-Russian hacktivist group that emerged in early 2023, targeting Western governments and critical infrastructure, particularly those affiliated with NATO and Ukraine. Utilizing Telegram for coordination …
Short Summary: In July 2024, a ReliaQuest customer in the manufacturing sector experienced a data exfiltration attack. The threat actor exploited a Fortinet firewall and used a brute-force attack on …
Summary: Microsoft has reported a multi-staged attack by the threat actor Storm-0501, which compromised hybrid cloud environments leading to data exfiltration, credential theft, and ransomware deployment across various sectors in …
Short Summary: In November 2023, a BlackCat ransomware intrusion was initiated by Nitrogen malware, which was disguised as Advanced IP Scanner. The attack involved deploying Sliver and Cobalt Strike beacons, …
In light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have …
Short Summary: This report by CYFIRMA investigates the infrastructure of the APT group “Transparent Tribe,” identifying command-and-control (C2) servers linked to the group. The investigation reveals the use of Mythic …
Short Summary: In the first half of 2024, Darktrace Threat Research observed multiple cyber attack campaigns targeting vulnerabilities in internet-facing systems, particularly focusing on Fortinet’s FortiClient EMS. A critical SQL …
Summary: A new cryptojacking campaign has been discovered that targets Docker Engine API, enabling lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes compromised Docker hosts …
Short Summary: A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
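The two Docker Engine API entries above describe a campaign that gets in through the daemon's API and pivots from there. The usual precondition for that is a dockerd TCP listener without TLS client authentication, since anyone who can reach such a listener can start privileged containers and therefore owns the host. The script below is an added example, not code from the original reports or from the Docker project: it audits a daemon.json document and a dockerd command line for TCP listeners and grades each one. The daemon.json samples are constructed for the example; `WEAK_DAEMON_JSON` shows the dangerous shape and `HARDENED_DAEMON_JSON` the corrected one (TLS on 2376 with `tlsverify`).

```python
import json
import shlex
from urllib.parse import urlsplit

# Constructed daemon.json samples for this example (not taken from the reports above).
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# Host parts that mean "listen on every interface".
WILDCARD_HOSTS = {None, "", "0.0.0.0", "::"}


def _hosts_from_cmdline(cmdline: str) -> tuple[list[str], bool]:
    """Pull -H/--host listeners and --tlsverify out of a dockerd command line."""
    hosts: list[str] = []
    tlsverify = False
    argv = shlex.split(cmdline)
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:      # -Htcp://... form
            hosts.append(arg[2:])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def audit_docker_daemon(daemon_json: str, dockerd_cmdline: str = "") -> list[tuple[str, str, str]]:
    """Return (severity, listener, message) findings for every TCP listener.

    dockerd refuses to start when `hosts` is given both in daemon.json and on the
    command line, so for audit purposes the two sources are simply unioned.
    """
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    cli_hosts, cli_tls = _hosts_from_cmdline(dockerd_cmdline)
    hosts.extend(cli_hosts)
    tlsverify = tlsverify or cli_tls

    findings: list[tuple[str, str, str]] = []
    for listener in hosts:
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are governed by filesystem permissions
        bind_all = url.hostname in WILDCARD_HOSTS
        if not tlsverify and bind_all:
            findings.append(("critical", listener,
                             "unauthenticated Docker Engine API on all interfaces: "
                             "anyone who can reach it gets root-equivalent control of the host"))
        elif not tlsverify:
            findings.append(("high", listener,
                             "Docker Engine API without TLS client authentication: "
                             "any local process or pivoted attacker can drive the daemon"))
        elif bind_all:
            findings.append(("info", listener,
                             "TLS client auth enforced; still restrict reachability with a host firewall"))
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon(doc))
```

On a live host, feed the function the contents of `/etc/docker/daemon.json` and the `dockerd` line from `ps -o args= -C dockerd`; a `critical` finding is the configuration the campaign needs, and the fix is the hardened sample's shape (TLS certificates plus `tlsverify`) or dropping the TCP listener entirely.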
Summary: UNC1860 is an Iranian state-sponsored threat actor linked to the Ministry of Intelligence and Security, known for its sophisticated tooling and persistent access to high-priority networks in the Middle …
Summary: Cybersecurity researchers at Darktrace have reported on the exploitation of Fortinet’s FortiClient Enterprise Management Server (EMS) through a critical SQL injection vulnerability (CVE-2023-48788), allowing attackers to gain unauthorized access …
Short Summary: UNC1860 is an Iranian state-sponsored threat actor associated with espionage and cyber operations, particularly targeting government and telecommunications sectors in the Middle East. The group employs specialized tools …
Summary: Microsoft has identified a financially motivated threat actor named Vanilla Tempest, which is using a ransomware strain called INC to target the U.S. healthcare sector for the first time. …
The Summer Intelligence Insights report by Securonix Threat Labs highlights significant cyber threats identified over the last three months, including phishing campaigns, cyber-espionage efforts, and ransomware attacks. The …
Summary: SolarWinds has announced two critical vulnerabilities in their Access Rights Manager (ARM) software, which could lead to unauthorized access and remote code execution. Users are urged to update to …
Summary: Cisco Talos has revealed a new threat actor named “DragonRank,” which primarily targets web application services in Asia and Europe to manipulate search engine rankings through the deployment of …
Summary: Aqua Nautilus researchers have discovered a new Linux malware named Hadooken, which targets WebLogic servers and deploys a cryptominer and Tsunami malware. The attack exploits weak passwords to gain …
Short Summary: Aqua Nautilus researchers have identified a new Linux malware named Hadooken, targeting WebLogic servers. The malware exploits weak passwords to gain initial access, drops Tsunami malware, and deploys …
Medusa is a ransomware group that emerged in 2023, known for its unique presence on both the surface and dark web. By 2024, they have intensified their cyberattacks, …
Summary: In August 2024, the ransomware group “Inc Ransom” targeted a ReliaQuest customer in the healthcare sector with a double-extortion attack that involved data exfiltration without encryption. The attack utilized …
Summary: The RansomHub ransomware gang has adopted new tactics by utilizing TDSSKiller to disable endpoint detection systems and LaZagne for credential harvesting, marking a significant shift in their attack methodology. …
Short Summary: Kimsuky, a North Korean hacking group active since 2018, focuses on espionage and financially motivated cybercrime. They target various technologies and countries, employing sophisticated tactics and exploiting vulnerabilities …
Short Summary: Ransomware activity surged in Q2 2024, with a 36% increase in claimed attacks compared to Q1, totaling 1,310 incidents. The resurgence is attributed to the recovery of LockBit …
Short Summary: Cisco Talos has identified a new cyber threat named “DragonRank,” which targets web application services primarily in Asia and parts of Europe. This threat utilizes the PlugX and …
Rapid7 has been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment. The company highlights the unique features of its InsightIDR product, …
Short Summary: Repellent Scorpius is a newly emerged ransomware-as-a-service (RaaS) group distributing Cicada3301 ransomware, first identified in May 2024. The group employs a double extortion scheme, encrypting data and threatening …
Summary: Researchers from Indiana University Bloomington have uncovered a thriving underground market for malicious large language models (LLMs), dubbed “Mallas,” which are being used for various cybercriminal activities. These models, …
Summary: The report discusses the growing trend of threat actors exploiting legitimate IT tools for malicious operations, termed CAMO (Commercial Applications, Malicious Operations), which allows them to bypass security measures …
Short Summary: EclecticIQ analysts have researched ransomware operations, particularly focusing on SCATTERED SPIDER, a group targeting cloud infrastructures in the insurance and financial sectors. They employ social engineering tactics, including …
Short Summary: The RansomHub ransomware gang has been identified using TDSSKiller and LaZagne in a new attack method to disable EDR systems and harvest credentials. This marks the first recorded …
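Both RansomHub entries above make the same detection point: a legitimate rootkit-removal utility (TDSSKiller) is used to remove the EDR service, and a credential-dumping tool (LaZagne) follows on the same host. The code below is an added example written for this page, not detection content from the source reports or from any vendor. It runs two per-event rules over constructed Sysmon-style process-creation events and then correlates them per host, so that an EDR service deletion followed within an hour by LaZagne is raised as a single high-confidence chain. Assumptions are labelled in the code: the event layout, host names, timestamps and the service name `EDRAgentSvc` are invented for the example, and the rule keys on TDSSKiller's `-dcsvc` (delete service) switch. Matching on Sysmon's `OriginalFileName` as well as the on-disk image name is what catches a renamed copy of the tool.

```python
import ntpath
from datetime import datetime, timedelta
from typing import Optional

# Constructed Sysmon-style process-creation events (Event ID 1) for this example;
# hosts, times, paths and the service name EDRAgentSvc are invented, not real telemetry.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-09-01T10:00:00", "Computer": "WS01",
     "Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"UtcTime": "2024-09-01T10:05:00", "Computer": "WS01",
     "Image": r"C:\Users\Public\tdsskiller.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": r"C:\Users\Public\tdsskiller.exe -dcsvc EDRAgentSvc"},
    {"UtcTime": "2024-09-01T10:12:00", "Computer": "WS01",
     "Image": r"C:\Temp\laZagne.exe", "OriginalFileName": "laZagne.exe",
     "CommandLine": "laZagne.exe all"},
    # Renamed copy: on-disk name lies, the PE's OriginalFileName does not.
    {"UtcTime": "2024-09-01T11:00:00", "Computer": "WS02",
     "Image": r"C:\Users\Public\update.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": "update.exe -dcsvc EDRAgentSvc"},
    # Sanctioned-looking scan from the vendor install path: low severity, still logged.
    {"UtcTime": "2024-09-01T12:00:00", "Computer": "WS03",
     "Image": r"C:\Program Files\Kaspersky Lab\TDSSKiller\tdsskiller.exe",
     "OriginalFileName": "tdsskiller.exe", "CommandLine": "tdsskiller.exe -l report.txt"},
]

TDSS = "tdsskiller.exe"
LAZAGNE = "lazagne.exe"
CHAIN_WINDOW = timedelta(hours=1)   # assumed correlation window for the two-step chain


def classify(event: dict) -> Optional[tuple[str, str]]:
    """Per-event rule: returns (severity, rule_name), or None for a benign event."""
    image = ntpath.basename(event["Image"]).lower()
    original = event.get("OriginalFileName", "").lower()
    cmd = event.get("CommandLine", "").lower()
    renamed = bool(original) and original != image   # PE name disagrees with on-disk name

    if TDSS in (image, original):
        if "-dcsvc" in cmd:                          # service deletion switch
            return ("high", "tdsskiller_service_delete" + ("_renamed" if renamed else ""))
        return ("low", "tdsskiller_execution")
    if LAZAGNE in (image, original):
        return ("high", "lazagne_credential_harvest")
    return None


def detect(events: list[dict]) -> list[dict]:
    """Run the per-event rules, then correlate EDR tampering followed by credential harvesting per host."""
    alerts: list[dict] = []
    tamper_times: dict[str, list[datetime]] = {}
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        hit = classify(ev)
        if hit is None:
            continue
        severity, rule = hit
        ts = datetime.fromisoformat(ev["UtcTime"])
        host = ev["Computer"]
        alerts.append({"severity": severity, "host": host, "rule": rule, "time": ev["UtcTime"]})
        if rule.startswith("tdsskiller_service_delete"):
            tamper_times.setdefault(host, []).append(ts)
        elif rule == "lazagne_credential_harvest" and any(
                timedelta(0) <= ts - t <= CHAIN_WINDOW for t in tamper_times.get(host, [])):
            alerts.append({"severity": "critical", "host": host,
                           "rule": "edr_kill_then_credential_harvest", "time": ev["UtcTime"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The per-host correlation is what turns two medium-confidence tool sightings into an incident: on its own a TDSSKiller run may be an administrator cleaning a machine, but a service deletion followed by a credential dumper on the same host within the window has no benign reading.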