Short Summary:

The ValleyRAT campaign targets Chinese-speaking Windows users, utilizing multi-stage malware to monitor and control victims. It employs various techniques, including shellcode execution and sandbox evasion, to maintain a low profile and evade detection. The malware is capable of delivering additional payloads and plugins, posing a significant threat to the targeted systems.…

Read More

Summary: The FBI is investigating a cyber breach involving former President Donald Trump’s campaign, which the campaign attributes to Iranian hackers. This incident has raised alarms about potential foreign interference in the upcoming election, with similar investigations also targeting the Biden-Harris campaign.

Threat Actor: Iranian hackers | Victim: Trump Campaign

Key Point:

The FBI confirmed it is investigating the alleged hack of Trump’s campaign.…
Read More

Summary: The FBI has dismantled the Radar/Dispossessor ransomware operation, which targeted small to mid-sized businesses globally, and is believed to be linked to former LockBit affiliates. The operation resulted in the takedown of numerous servers and domains across the U.S., U.K., and Germany, with the group reportedly attacking 43 companies in various sectors.…

Read More
Short Summary:

The UTG-Q-010 group, a financially motivated APT actor from East Asia, has been identified in a sophisticated campaign targeting cryptocurrency enthusiasts and HR departments. Utilizing spear phishing tactics with malicious LNK files, the group exploits vulnerabilities through social engineering and advanced malware delivery methods, including the use of the Pupy RAT.…

Read More
Short Summary:

This report investigates the Doppelgänger information operations by Russian actors, particularly during the June 2024 snap election in France. It highlights their tactics of impersonating news websites to spread disinformation through social networks, primarily X/Twitter. The report outlines the operational infrastructure, the nature of the disinformation campaigns, and the political implications of these activities, emphasizing the ongoing threat to democratic processes in Europe and the United States.…

Read More

Summary: The rise of SaaS applications has transformed the cyber kill chain, allowing attackers to bypass several traditional steps in executing successful attacks. Organizations must adapt their security strategies to address the new vulnerabilities introduced by these applications, focusing on initial access and credential management.

Threat Actor: Unknown | Victim: Organizations using SaaS applications

Key Point:

The SaaS-enabled kill chain allows attackers to bypass many traditional steps, focusing primarily on initial access and credential access.…
Read More

Victim: Ronglian Group [Source code of RONGLIAN GROUP company developments]
Country: CN
Actor: ransomhouse
Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/e86f5395fb94c30e26dad9f03c64f4ebd405fdc5
Discovered: 2024-08-12 09:02:17.049146
Published: 2024-06-29 00:00:00.000000
Description: One of the leaders of China's digital revolution, helping customers with digital business transformation. Providing global and local expertise on technology and industry to worldwide enterprise customers.…

Read More

Summary: Researchers from the CISPA Helmholtz Center have discovered critical vulnerabilities in Alibaba’s T-Head Semiconductor RISC-V processors, particularly the C910 CPU cores, which could allow attackers to execute arbitrary code and take control of devices. The most severe vulnerability, dubbed GhostWrite, enables unprivileged users to bypass memory protection mechanisms, posing significant security risks.…

Read More

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft COM for Windows, tracked as CVE-2018-0824, to its Known Exploited Vulnerabilities catalog. This vulnerability allows remote code execution through deserialization of untrusted data, posing significant risks to affected systems.

Threat Actor: APT41 | Victim: Taiwanese government-affiliated research institute

Key Point:

CVE-2018-0824 is a deserialization vulnerability in Microsoft COM for Windows with a CVSS score of 7.5.…
Read More

Short Summary:

The article discusses the increasing trend of threat actors utilizing legitimate cloud services for their attacks, highlighting various espionage operations and malware tools that exploit these services. Notable tools mentioned include GoGra, Grager, and MoonTag, which leverage Microsoft Graph API for command-and-control operations. The article emphasizes the need for organizations to monitor and protect against these evolving threats.…

Read More

Summary: Evasive Panda, a cyber espionage group, compromised an Internet Service Provider (ISP) in mid-2023 to deliver malicious software updates, showcasing an escalation in their tactics. Known for using various backdoors and malware strains, the group has targeted sensitive entities, particularly in the context of supply chain attacks and DNS poisoning.…

Read More

Summary: The aviation industry faces increasing cybersecurity threats, particularly in its supply chain, necessitating enhanced risk measurement and mitigation strategies. Recent reports highlight significant vulnerabilities, especially among aviation-specific software vendors, and emphasize the urgent need for improved security practices as regulatory requirements tighten globally.

Threat Actor: Ransomware operators | Victim: Aviation industry

Key Point:

The aviation industry scores a “B” on cybersecurity, with significant disparities in risk exposure among organizations.…
Read More

Summary: German authorities have identified a Beijing-backed threat actor as responsible for a cyberattack on the country’s Federal Agency for Cartography and Geodesy in 2021, marking a significant diplomatic response from Germany. This incident highlights ongoing concerns regarding Chinese cyber espionage targeting critical infrastructure and government processes in Germany and Europe.…

Read More

Victim: Jangho Group
Country: CN
Actor: hunters
Source: https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/companies/2708805266
Discovered: 2024-08-02 20:40:28.873188
Published: 2024-08-02 20:07:37.000000
Description: Country: China – Exfiltrated data: yes – Encrypted data: yes

Read More

Summary: The Senate Armed Services Committee has advanced Michael Sulmeyer’s nomination as the Pentagon’s first assistant secretary of defense for cyber policy, aiming to enhance the Defense Department’s focus on cybersecurity. Sulmeyer emphasized the importance of building combat power and retention within U.S. Cyber Command amid rising cyber threats from adversaries like China and Russia.…

Read More