____________________ Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.
Key Point 🛡️: – The number of found and exploited enterprise-specific technology zero-day vulnerabilities increased by 64% in 2023. – End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response.…
DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target’s computer. A Windows version of this RAT was used in attacks against government entities in Guyana, and documented by ESET researchers as Operation Jacana.…
Summary : The article discusses how hackers are targeting high-risk individuals’ personal accounts as corporate accounts become more secure. It provides recommendations from cybersecurity experts to counter such attacks.
Key Point : 🔒 Activate two-step verification: Use multifactor authentication to enhance security for email, social media, and financial accounts.…
____________________ Summary: The Finnish police have linked APT31 to the 2021 parliament attack, confirming their suspicions and identifying a suspect.
Key Point 🕵️♂️: – The attack on the parliament was attributed to the China-linked group APT31. – The investigation revealed a complex criminal infrastructure used by nation-state actors.…
Summary: Leaked documents reveal Australia was targeted by Chinese hackers, indicating a sophisticated international hacking operation with ties to the Chinese government.
Key Point: 🔒 Australia was on the targeted list, but specific targets were not mentioned. 🔒 i-Soon often pitched to Chinese government agencies and compromised data was offered for sale.…
Summary : The leaked data trove belonging to the Chinese hacking contractor iSoon reveals its links to Chinese APT groups, showcasing its involvement in cyberespionage operations on behalf of Beijing.
Key Point : 🔍 The leaked data trove belonging to iSoon reveals its links to Chinese state hacking groups RedHotel, RedAlpha, and Poison Carp.…
This post is also available in:日本語 (Japanese)
Executive SummaryOver the past 90 days, Unit 42 researchers have identified two Chinese advanced persistent threat (APT) groups conducting cyberespionage activities against entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN):
The first APT group, Stately Taurus, created two malware packages we believe targeted entities in Myanmar, the Philippines, Japan and Singapore.…Article Summary: 🔒 New Zealand government reveals it has been attacked by China. 🔍 Government agencies were compromised by a PRC state-sponsored group known as APT40. 🔐 Networks containing important government information were breached. 🛡️ National Cyber Security Center worked to contain the activity and improve defenses.…
Article Summary:
🔹 U.S. federal prosecutors indicted seven Chinese nationals for hacking activities linked to Beijing economic and intelligence espionage group. 🔹 The indicted suspects were contractors for a front company set up by a provincial government arm of China’s Ministry of State Security. 🔹 The United States has been indicting Chinese hackers since 2014, despite little impact on China’s cyber activities.…
Article Summary:
🔹 The U.S. military needs a cyber branch to address growing threats in cyberspace. 🔹 A report by the Foundation for Defense of Democracies calls for the establishment of a Cyber Force branch with 10,000 personnel and a $16.5 billion budget. 🔹 The report highlights inefficiencies in the current division of labor between the Army, Navy, Air Force, and Marine Corps in cyber operations.…
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Kimsuky group distributing malware disguised as an installer from a Korean public institution. The malware in question is a dropper that creates the Endoor backdoor, which was also used in the attack covered in the previous post, “TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)”.…
In this blog, we present a proof of value study demonstrating the value of detecting attempted DNS exfiltration and Command and Control (C2) communications. Our focus is on two anonymized customers: a large e-commerce/retail company (Customer #1) and an educational institution (Customer #2).…
The South China Athletic Association (SCAA) was rocked by a cyberattack as unauthorized third parties breached the organization’s computer servers, sparking concerns over the security of member data. In response to the SCAA cyberattack, the Association swiftly implemented measures to address the breach and protect its members.…
A hacker allegedly connected to the People’s Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.
A new report from Google-owned security firm Mandiant spotlighted the work of a threat actor they call UNC5174.…
New Insikt research examines 2023, a year of unexpected outcomes and escalating cybersecurity threats. Throughout the year, cyber threat actors exploited the prevailing chaos to steal data, conduct espionage, and disrupt geopolitics, an example being nation-states like China targeting Taiwanese semiconductor firms. Additionally, the text highlights the rise in exploitation of "as-a-service" enterprise software and shared cloud infrastructure, which led to an increase in weaponized vulnerabilities and high-profile cyberattacks, such as the MOVEit exploit by the ransomware gang CL0P.…
Key Points
This report examines the threat posed by Chinese advanced persistent threat (APT) groups on operational technology (OT) by analyzing four key cyber attacks from the past 12 months conducted by threat actors with a China nexus (“APT27,” “APT31,” “BlackTech,” and “Volt Typhoon”). Network defenders may find the detection rules and key recommendations detailed throughout this report useful.…Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case. Among the mobile platforms, Android remains the most popular target operating system for cybercriminals.…
Whether you want to call them “catfishing,” “pig butchering” or just good ‘old-fashioned “social engineering,” romance scams have been around forever.
I was first introduced to them through the MTV show “Catfish,” but recently they seem to be making headlines as the term “pig butchering” enters the public lexicon.…
[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare”
A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims and backing them up with data leaks. In February 2024, RansomHub posted its first victim, the Brazilian company YKP. Since then, they have made 17 additional claims, although their leak site currently lists only 14 victims.…