SentinelOne – Cyber Security News Aggregator

AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine

March 21, 2024 SentinelOne

Executive Summary SentinelLabs has discovered a novel malware variant of AcidRain, a wiper that rendered Eutelsat KA-SAT modems inoperative in Ukraine and caused additional disruptions throughout Europe at the onset…

Threat Research

Doppelgänger | Russia-Aligned Influence Operation Targets Germany

February 22, 2024May 16, 2024 SentinelOne

Executive Summary SentinelLabs and ClearSky Cyber Security have been tracking the activities of a suspected Russia-aligned influence operation network named Doppelgänger. We observed Doppelgänger intensively targeting German audiences, coinciding with…

Threat Research

Gaza Cybergang | Unified Front Targeting Hamas Opposition

December 14, 2023May 24, 2024 SentinelOne

Executive Summary Overlaps in targeting, malware characteristics, and long-term malware evolutions post 2018 suggest that the Gaza Cybergang sub-groups have likely been consolidating, possibly involving the establishment of internal and/or…

Threat Research

Cyber Soft Power | China’s Continental Takeover

September 22, 2023May 24, 2024 SentinelOne

Executive Summary SentinelLabs observes sustained tasking towards strategic intrusions by Chinese threat actors in Africa, designed to extend influence throughout the continent. New attacks include those against telecommunication, finance and…

Threat Research

Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector

August 17, 2023May 24, 2024 SentinelOne

By Aleksandar Milenkoski and Tom Hegel

Executive Summary SentinelLabs has identified suspected-Chinese malware and infrastructure potentially involved in China-associated operations directed at the gambling sector within Southeast Asia. The threat…

Threat Research

Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company

August 7, 2023May 24, 2024 SentinelOne

By Tom Hegel and Aleksandar Milenkoski

Executive Summary SentinelLabs identified an intrusion into the Russian defense industrial base, specifically a missile engineering organization NPO Mashinostroyeniya. Our findings identify two instances…

Threat Research

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

May 25, 2023May 24, 2024 SentinelOne

By Aleksandar Milenkoski and Tom Hegel

Executive Summary Over the first quarter of 2023, SentinelLabs observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group.…

Threat Research

Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit

May 23, 2023May 24, 2024 SentinelOne

By Aleksandar Milenkoski and Tom Hegel

Executive Summary SentinelLabs has observed an ongoing campaign by Kimsuky, a North Korean APT group, targeting North Korea-focused information services, human rights activists, and…

Threat Research

Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife

March 30, 2023May 24, 2024 SentinelOne

Executive Summary SentinelLabs analyzed several iterations of “AlienFox,” a comprehensive toolset for harvesting credentials for multiple cloud service providers. Attackers use AlienFox to harvest API keys & secrets from popular…

Threat Research

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

February 16, 2023May 24, 2024 SentinelOne

By Aleksandar Milenkoski, Collin Farr, and Joey Chen, in collaboration with QGroup

Executive Summary A new threat cluster we track as WIP26 has been targeting telecommunication providers in the Middle…

Author: SentinelOne