In November 2024, ten hacking groups were detected engaging in various cybercriminal activities, including stealing sensitive information, deploying ransomware, and mining cryptocurrency. Each group employed different methods such as phishing, malware distribution, and obfuscation techniques to achieve their objectives, often targeting companies and individuals across multiple countries.…
US Cybersecurity Efforts for Spacecraft Are Up in the Air
Summary: The cybersecurity of US space systems continues to lag behind current threats, raising concerns as the Trump administration pushes for deregulation and as private industry, particularly SpaceX, seeks to ease stringent cybersecurity requirements. Experts warn that failure to address vulnerabilities in spacecraft cybersecurity could result in heightened risks from adversarial nations, especially given recent attacks like the disruption of satellite communications in Ukraine.…
Russia uses messaging apps to recruit terrorists, Ukraine’s police says
Summary: Russian intelligence services are reportedly using messaging apps and online forums to recruit Ukrainians for terrorist attacks, particularly targeting vulnerable groups like the unemployed and young people. These recruits often face dire consequences, such as death or imprisonment, after completing their missions. A significant increase in such attacks has been observed in Ukraine; they aim to destabilize the nation and undermine public confidence in its security forces.…
APT QUARTERLY HIGHLIGHTS: Q4 2024
In Q4 2024, APT groups from China, North Korea, Iran, and Russia significantly escalated their cyber operations, demonstrating advanced techniques such as cyber espionage, credential theft, and disruptive assaults. These developments highlight a persistent threat to critical sectors, including government infrastructure and financial institutions worldwide. Affected: governments, critical infrastructure, defense, financial institutions, research entities

Keypoints:

APT groups showcased increasingly sophisticated techniques across a range of cyber threats in Q4 2024.…
This article discusses the activities of ten hacking groups observed in December, focusing on their financial exploitation methods through ransomware, data theft, and phishing attacks. Affected: SectorJ09, SectorJ14, SectorJ25, SectorJ39, SectorJ47, SectorJ93, SectorJ115, SectorJ135, SectorJ149, SectorJ194

Keypoints:

Ten hacking groups identified in December include SectorJ09, SectorJ14, SectorJ25, SectorJ39, SectorJ47, SectorJ93, SectorJ115, SectorJ135, SectorJ149, and SectorJ194.…
SmokeLoader malware aimed at multiple Ukrainian industries, using bug in file archiver
Summary: A Russian hacking campaign has leveraged a vulnerability in 7-Zip to distribute SmokeLoader malware to various Ukrainian organizations, facilitating cyber espionage. The flaw allows the malware to bypass Windows defenses, enabling attacks via phishing emails that imitate legitimate government communications. This ongoing threat poses serious risks to sensitive personal and corporate data within the targeted entities.…
Cyber Insights 2025: OT Security
Summary: SecurityWeek’s Cyber Insights 2025 highlights expert views on the evolving landscape of operational technology (OT) cybersecurity, underscoring increased risks and potential threats to critical infrastructure. Experts predict that while advancements may mitigate some risks, new sophisticated cyber threats and attacks leveraging AI and geopolitical tensions will emerge.…
Hacker Conversations: David Kennedy – an Atypical Typical Hacker
Summary: David Kennedy, an accomplished hacker and CEO of TrustedSec, uniquely embodies the hacker ethos, shaped by his ADHD and military experiences. His unconventional learning style emphasizes hands-on problem-solving over traditional methods, leading him to a successful career in cybersecurity. Despite his challenging beginnings, Kennedy maintains a strong ethical compass and believes in the importance of creativity and fun in his work.…
New Russian Threat Group Hacks Into U.S. Oil and Gas Facilities
Summary: A newly identified pro-Russian hacktivist group, Sector 16, has been exploiting vulnerabilities in U.S. oil and gas facility control panels, claiming responsibility for various cyber incidents. They are collaborating with another group, Z-Pentest, known for similar attacks on critical infrastructure. Their activities are marked by public boasting through videos showcasing their exploits, raising concerns over the security of essential systems.…
Summary: A recently exposed cyber espionage operation known as “Operation Phantom Circuit,” led by North Korea’s Lazarus Group, has targeted cryptocurrency firms and supply chains globally since September 2024. This sophisticated attack employs advanced obfuscation techniques and a specialized web-based dashboard for real-time control and data management.…
Russian cyber research companies post alerts about infostealer, industrial threats
Summary: Recent reports by Russian cybersecurity firms reveal a significant information-stealing campaign leveraging a malware known as Nova, targeting local organizations. Nova, available for purchase on dark web marketplaces, is linked to increased hacking activity against Russian entities, particularly amidst ongoing geopolitical tensions. The malware, a variant of SnakeLogger, aims to harvest sensitive data through deceptive phishing tactics.…
California man steals  million using fake investment sites, gets 7 years
Summary: A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his role in an investor fraud scheme that defrauded over 70 victims of approximately million using fraudulent financial websites. Allen Giltman, along with others, impersonated financial institutions to attract investors promising high returns through fake certificates of deposit.…
Threat Context Monthly: Executive Intelligence Briefing for January 2025
This article discusses the recent activities in the cybersecurity landscape, highlighting the leak of sensitive data from Fortigate firewalls by a group called Belsen Group, and various cybersecurity vulnerabilities, including a 0-day exploit affecting Ivanti Connect Secure. Additionally, emerging threats such as doubleclickjacking and malware distribution are detailed.…
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
Summary: Taiwan has banned government agencies from using the Chinese AI platform DeepSeek due to national security concerns, highlighting issues of data privacy and information leakage. DeepSeek has faced multiple DDoS attacks, and malicious packages disguised as its API client have appeared on developer repositories. The situation underscores the growing scrutiny of AI applications and heightened security measures being implemented globally.…
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
In December 2024, the Lazarus Group from North Korea initiated a sophisticated cyberattack called “Phantom Circuit,” targeting cryptocurrency and technology developers worldwide by embedding malware in trusted software packages. This campaign leveraged a complex network of command-and-control servers, VPNs, and proxies to exfiltrate sensitive data, including development credentials and authentication tokens.…
Kazakhstan to audit foreign ministry after suspected Russia-linked cyberattack
Summary: Kazakhstan’s Foreign Ministry will undergo an audit following a cyberattack suspected to be linked to Kremlin-backed hackers, as indicated by a report from French cybersecurity firm Sekoia. The hacker group UAC-0063 has targeted multiple diplomatic entities in Central Asia, utilizing malware strains CherrySpy and Hatvibe to gather sensitive information.…
DeepSeek AI tools impersonated by infostealer malware on PyPI
Summary: Threat actors exploited the popularity of DeepSeek to upload two malicious infostealer packages, “deepseeek” and “deepseekai”, to the Python Package Index (PyPI). These packages, masquerading as developer tools, stole sensitive information from developers’ machines, including API keys and database credentials, before exfiltrating the data to a command-and-control server.…