Water Sigbin (aka the 8220 Gang) exploited Oracle WebLogic vulnerabilities to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

Summary: Water Sigbin exploited the vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner via a PowerShell script.…

CryptoChameleon is a phishing kit first discovered in February 2024. As of publication, the identity of CryptoChameleon’s creator remains elusive.

The kit is used by unknown threat actors to harvest usernames, passwords, password reset URLs, and photo IDs from employees and customers’ mobile devices.

Silent Push Threat Analysts have conducted a wide-ranging research campaign that has revealed a large amount of CryptoChameleon fast flux Indicators of Future Attack (IOFAs) targeting Binance, Coinbase and FCC users, and a host of other platforms, including:

Apple iCloud
Google Gemini
Kraken
Gamdom
Ledger
Swan Bitcoin
Trezor Hardware Wallet
Uphold
Nexo Crypto
Shake Pay Crypto

Background

On 6th February 2024, Silent Push analysts noticed malicious activity targeting the FCC, and reported it confidentially to CISA.…


Summary: Check Point Software Technologies warns customers of malicious actors attempting to hack old VPN local accounts with password-only authentication methods.

Threat Actor: Malicious actors
Victim: Check Point Software Technologies customers

Key Point:

Malicious actors are targeting old VPN local accounts with password-only authentication methods.…

Published On: 2024-05-29

EXECUTIVE SUMMARY

A critical vulnerability, identified as CVE-2024-3273, has been discovered in certain end-of-life (EOL) D-Link NAS devices, presenting a severe threat due to the lack of ongoing support and their high susceptibility to attacks. With a CVSS base score of 9.8, this vulnerability is extremely serious, potentially allowing unauthorized access, data theft, system modifications, or denial of service attacks.…


Summary: Over 50% of IP addresses owned by federal agencies will have enhanced data routing security measures in place by the end of the year to prevent hackers from hijacking digital pathways into government networks.

Threat Actor: Hackers
Victim: Federal agencies

Key Point:

Over 50% of IP addresses owned by federal agencies will have enhanced data routing security measures in place by the end of the year.…

Summary: The MITRE Corporation provides an update on the December 2023 attack, revealing that a China-linked nation-state actor breached its systems using zero-day vulnerabilities and that an investigation is ongoing.

Threat Actor: China-linked nation-state actor UNC5221
Victim: The MITRE Corporation

Key Point:

The MITRE Corporation experienced a security breach in January 2024 by a China-linked nation-state actor known as UNC5221.…
Background

Cloud cryptomining has become an emerging trend in recent years, powered by the scalability and flexibility of cloud platforms. Unlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit. One of the most common cryptomining threats for cloud environments is the Kinsing malware.…

Hacked! zljzx.gov.cn

Notified by: ./KeyzNet
Date: Mon, 27 May 2024 22:05:30 +0000
URL: https://zljzx.gov.cn
Country: China
Sector: Government – This website belongs to the government sector and provides information and services related to the local administration.

Source: zone-h

Web Defacement?

“There will be a delay in taking screenshots, there is a possibility that the defacement page has been removed.”…


Summary: The content discusses the need for European research universities to collaborate with intelligence agencies to protect their research from being stolen by hostile states, particularly in sensitive technology areas.

Threat Actor: Chinese state
Victim: European research universities

Key Point:

EU member states recommend closer collaboration between research universities and intelligence agencies to safeguard research from theft by hostile states.…

A decade-old advanced persistent threat (APT) group called “Stately Taurus,” also known as “Mustang Panda” and “Earth Preta,” was recently observed targeting Association of Southeast Asian Nations (ASEAN) countries in cyberespionage activities. Specifically, Palo Alto Networks observed two malware packages that may have been used to target Japan, Myanmar, the Philippines, and Singapore.…


Summary: The content discusses the discovery of a backdoor known as KeyPlug, which has been targeting various industries in Italy. The backdoor is attributed to the APT41 threat actor group, believed to have ties to China.

Threat Actor: APT41
Victim: Italian industries

Key Point:

The backdoor known as KeyPlug has been targeting Italian industries for several months.…

Summary: This content discusses the increasing use of operational relay box (ORB) networks by China-linked state-backed hackers for cyberespionage operations, posing challenges in detection and attribution.

Threat Actor: China-linked state-backed hackers
Victim: Not specified

Key Point:

China-linked state-backed hackers are using operational relay box (ORB) networks, which are proxy server networks created from virtual private servers and compromised online devices, for cyberespionage operations.…

Summary: Microsoft’s president and vice chair, Brad Smith, will testify before the House Committee on Homeland Security to discuss recent cyberattacks and the company’s security strategy.

Threat Actor: N/A
Victim: Microsoft

Key Point:

A top Microsoft executive, Brad Smith, will testify before the House Committee on Homeland Security on June 13 to address the company’s security shortcomings and plans to strengthen security measures.…

Summary: Hacktivist group Ikaruz Red Team is using leaked ransomware builders to target critical infrastructure in the Philippines, as part of a growing trend among politically motivated groups aiming to disrupt the country’s operations.

Threat Actor: Ikaruz Red Team
Victim: Philippines government targets

Key Point:

Hacktivist group Ikaruz Red Team is using leaked ransomware builders, such as LockBit, Vice Society, Clop, and AlphV, to conduct “small-scale” attacks on critical infrastructure in the Philippines.…

As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…


Summary

As part of our continuous hunting efforts across the Asia-Pacific region, BlackBerry discovered the Pakistan-based advanced persistent threat group Transparent Tribe (APT36) targeting the government, defense and aerospace sectors of India. This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist.…
