Kimsuky, a North Korean cyber threat group, has been active since at least 2013, focusing on espionage against political, economic, and military targets. Their sophisticated tactics include spear phishing, malware deployment, and advanced evasion techniques, making them a persistent threat in the cybersecurity landscape. #Kimsuky #CyberThreat #APT

Keypoints:

Kimsuky, also known as Black Banshee, has been active since 2013 and is state-sponsored by North Korea.…

OilRig, also known as APT34, is a state-sponsored threat actor recognized for its sophisticated cyber espionage tactics primarily targeting the Middle East. This article details OilRig’s history, notable attacks, and advanced techniques, emphasizing its adaptability and persistence in exploiting vulnerabilities. #APT34 #OilRig #CyberEspionage

Keypoints:

OilRig, also known as APT34 and Helix Kitten, is linked to Iranian state interests.…

Volt Typhoon, a state-sponsored APT group linked to China, is known for sophisticated cyber espionage targeting critical infrastructure, especially in the U.S. Their tactics include exploiting vulnerabilities and using Living-off-the-Land techniques to evade detection. This article explores their operations, impact, and strategies for defense. #CyberSecurity #APT #VoltTyphoon

Keypoints:

Volt Typhoon is a state-sponsored APT group linked to Chinese cyber operations.…

Credential-based attacks pose significant risks to organizations, leveraging weak credentials for unauthorized access. Picus Attack Path Validation (APV) helps identify and mitigate these vulnerabilities through automated penetration testing and credential harvesting simulations. #CyberSecurity #CredentialAttacks #PenetrationTesting

Keypoints:

Credential-based attacks exploit weak or misconfigured credentials for unauthorized access.…

Salt Typhoon, a state-sponsored cyber threat group from China, is known for its sophisticated espionage tactics targeting critical sectors like telecommunications and government. Their use of advanced malware, such as the GhostSpider backdoor, poses significant risks to global infrastructure. #CyberSecurity #SaltTyphoon #Malware

Keypoints:

Salt Typhoon is a Chinese state-sponsored cyber threat actor.…

Androxgh0st is a sophisticated Python-based malware that exploits vulnerabilities in popular web frameworks, particularly Laravel, to execute remote code and harvest sensitive credentials. Its botnet capabilities and advanced evasion techniques make it a significant threat to cloud and web security. Organizations must adopt proactive defense strategies to mitigate this persistent threat.…

Cozy Bear, also known as APT29, is a sophisticated cyber espionage group believed to operate under the Russian Foreign Intelligence Service. This article explores their history, notable attacks, and advanced tactics that highlight their persistent threat to organizations worldwide. #CozyBear #CyberEspionage #APT29

Keypoints:

Cozy Bear is linked to the Russian SVR and targets government and private sectors for intelligence gathering.…

The healthcare industry faces significant cybersecurity challenges, with rising data breach costs and persistent ransomware threats. Organizations must adopt proactive strategies and enhance their defenses to protect sensitive patient data and ensure operational continuity. #HealthcareCybersecurity #RansomwareDefense #DataBreachAwareness

Keypoints:

The healthcare sector is a primary target for data breaches, with average costs reaching $9.77 million in 2024.…

On January 16, 2024, Atlassian disclosed a remote code execution vulnerability affecting the Confluence Data Center and Confluence Server [1]. CVE-2023-22527 is an OGNL injection vulnerability with a CVSS score of 10 (Critical). Although the vulnerability is fixed with patches, the number of outdated and publicly exposed Atlassian Confluence instances is in the thousands, posing significant risks to organizations.…


On December 1, 2022, CISA and the FBI released a joint Cybersecurity Advisory (CSA) on Cuba ransomware [1]. Security researchers have tracked a new variant of the Cuba ransomware as Tropical Scorpius. This Cuba ransomware group mainly targets manufacturing, professional and legal services, financial services, construction, high technology, and healthcare sectors [2].…
