Summary: The QiAnXin Threat Intelligence Center has revealed details of “Operation DevilTiger,” a sophisticated cyber espionage campaign by the APT-Q-12 group, also known as “Pseudo Hunter,” targeting East Asian entities. This advanced persistent threat utilizes zero-day vulnerabilities and covert tactics to infiltrate high-value systems, with a focus on geopolitical intelligence related to semiconductor competition.…


Short Summary: The WhoisXML API research team has identified thousands of election-related cybersquatting domains that could be exploited for profit or malicious purposes. Their study revealed over 3,300 domains linked to presidential candidates, with many being unattributable and potentially harmful. The investigation highlights the need for vigilance in the face of election-related cyber threats.…


Victim: huntongroup.com
Country: CN
Actor: lockbit3
Source: http://lbb6ud2vyf23z4hw6fzskr5gru7eftbjfbd6yzra3hzuqqvjy63blqqd.onion//post/gpcQsRx2ftSVONKh66d09970c1079
Discovered: 2024-08-30 07:52:15.912679
Published: 2024-08-29 15:53:00.000000
Description: Hunton Group is a synergistic group of companies focused on innovative systems, comprehensive solutions, and Trane’s high-quality products.


Victim: Huntongroup.com, part of a synergistic group of companies, specializes in innovative systems and comprehensive solutions, particularly in HVAC and energy management.…

Short Summary: The Securonix Threat Research team has identified a covert campaign named SLOW#TEMPEST, targeting Chinese-speaking users with Cobalt Strike payloads delivered via phishing emails. The attackers successfully moved laterally, established persistence, and remained undetected for over two weeks, leveraging sophisticated techniques such as DLL hijacking and credential harvesting.…


Short Summary: ESET researchers identified a code execution vulnerability (CVE-2024-7262) in WPS Office for Windows, exploited by the APT-C-60 group to target East Asian countries. A subsequent analysis revealed another vulnerability (CVE-2024-7263). Both vulnerabilities have been patched, and this blog post discusses the technical details of the findings.…


Summary: The Volt Typhoon group from China has been exploiting a zero-day vulnerability in Versa Networks’ Director Servers to harvest credentials for future attacks, affecting all versions prior to 22.1.4. The vulnerability, tracked as CVE-2024-39717, allows attackers to gain privileged access through exposed management ports.

Threat Actor: Volt Typhoon
Victim: Various organizations; Versa Networks

Key Point: The vulnerability allows attackers to escalate privileges and gain administrator credentials.…

Short Summary: In June 2024, a macOS variant of the HZ Rat backdoor was discovered, targeting DingTalk and WeChat users. This version closely mirrors its Windows counterpart, utilizing shell scripts for payload delivery and exhibiting behavior indicative of lateral movement within networks. The malware collects sensitive user data and communicates with command and control (C2) servers, primarily located in China.…

Summary: India’s critical infrastructure sectors are increasingly vulnerable to cyberattacks, with significant incidents reported across finance, government, and healthcare. The Reserve Bank of India has highlighted the risks associated with rapid digitization, indicating a dramatic rise in cyber incidents, particularly targeting financial institutions.

Threat Actor: Hackers
Victim: Boat

Key Point: Cyber incidents in India’s financial sector surged to 16 million in 2023, compared to 53,000 in 2017.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting risks associated with Dahua cameras and Microsoft Exchange Server. These vulnerabilities could allow remote attackers to exploit systems if not addressed promptly.

Threat Actor: China-linked threat actors
Victim: Dahua camera users, Microsoft Exchange Server users

Key Point: Two authentication bypass vulnerabilities in Dahua cameras (CVE-2021-33044 and CVE-2021-33045) can be exploited by attackers to gain unauthorized access.…

Summary: Researchers at Sygnia have reported that the China-linked APT group Velvet Ant exploited the zero-day vulnerability CVE-2024-20399 in Cisco switches to deploy custom malware and gain control over the devices. This vulnerability allows attackers with administrative credentials to execute arbitrary commands on the underlying operating system, leading to significant security risks.…


Summary: The Log4j vulnerability, known as Log4Shell, continues to be exploited by various threat actors for malicious activities such as crypto-mining and system compromise, despite being discovered over two years ago. Recent campaigns utilize obfuscated LDAP requests to execute scripts that establish persistence, conduct reconnaissance, and exfiltrate data from compromised systems.…

Short Summary: The Monthly Intelligence Insights report from Securonix Threat Labs highlights significant cyber threats observed in June, including identity-based attacks on Snowflake customers, exploitation of a PHP vulnerability, cyber espionage efforts targeting the Indian government, and ongoing Chinese cyber espionage campaigns. The report emphasizes the importance of security measures and monitoring to mitigate these threats.…

Summary: OpenAI has banned ChatGPT accounts linked to an Iranian group, Storm-2035, that was suspected of spreading disinformation about the upcoming US presidential election. Despite their efforts to create fake news articles and social media comments, the operation failed to gain significant audience engagement.

Threat Actor: Storm-2035
Victim: US Presidential Election

Key Point: OpenAI identified 12 accounts on X and one on Instagram involved in the influence operation.…

Summary: Two US House Representatives have urged the Department of Commerce to investigate Chinese-made TP-Link Wi-Fi routers due to concerns over hacking and espionage risks. They highlighted vulnerabilities linked to the routers and the potential for state-sponsored infiltration by Chinese intelligence.

Threat Actor: Camaro Dragon, Volt Typhoon
Victim: United States

Key Point: Congress members express concerns over the security of TP-Link routers manufactured in China.…