Summary: KnowBe4 revealed it was deceived into hiring a fake IT worker from North Korea, leading to attempted insider threat activities that were ultimately thwarted. The incident underscores the sophistication of North Korean cybercriminals and the need for improved vetting and security measures in hiring processes.…
Tag: CHINA
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Published On : 2024-07-26
EXECUTIVE SUMMARY: A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users.
The CYFIRMA Research team is continuously monitoring the ongoing situation and has carried out an analysis of the tactics, techniques & procedures (TTPs) on deployed malware and malicious campaigns of the threat actors.…
Impacted Users: iPhone users in India
Impact: Possible financial loss; stolen information can be used for future attacks
Severity Level: Medium
The FortiGuard Labs Threat Research team recently observed a number of social media posts commenting on a fraud campaign targeting India Post users. India Post is India’s government-operated postal system.…
Summary: The European Union is facing a significant increase in brute-force cyberattacks on corporate and institutional networks, primarily attributed to Russian threat actors exploiting Microsoft infrastructure to evade detection. This ongoing campaign, which has been active since at least May 2024, targets high-value assets across major cities in Europe, underscoring the urgent need for enhanced cybersecurity measures.…
Summary: The Philippines is set to dismantle its Philippine Offshore Gaming Operators (POGOs) due to their involvement in illegal activities, including scams and human trafficking. President Ferdinand Marcos Jr. has instructed the gaming agency to cease operations by the end of the year, amidst growing political pressure and concerns from China.…
Summary: The Chinese espionage group Daggerfly has significantly enhanced its malware toolkit, allowing it to target major operating systems including Windows, Linux, macOS, and Android. Recent attacks have been noted against organizations in Taiwan and a US NGO based in China, showcasing the group’s adaptability and ongoing threat.…
[Cyware] Chinese ‘cybercrime syndicate’ behind gambling sites advertised at European sporting events
Summary: A report by Infoblox reveals a Chinese cybercrime syndicate named Vigorish Viper that supports an illegal global gambling economy worth approximately $1.7 trillion, linking it to human trafficking and cyber fraud. The syndicate, which provides technology for mobile betting applications, has connections to major European football clubs through sponsorship deals.…
Summary: China has dismissed allegations of the Volt Typhoon gang being a Beijing-backed threat actor, claiming instead that these accusations are part of a US disinformation campaign orchestrated by various intelligence agencies. A report from Chinese cybersecurity entities argues that the narrative surrounding Volt Typhoon is designed to justify the continuation of warrantless surveillance under Section 702, portraying the American public as the true victims of this alleged misinformation.…
Published On : 2024-07-21
EXECUTIVE SUMMARY: A recent update from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers due to a faulty update to the Falcon Sensor agent. Millions of Windows-based systems across the globe experienced the dreaded Blue Screen of Death (BSOD), causing total system crashes.
The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered methods where the threat actors and malware strains attacked Linux servers before incapacitating security services such as firewalls and security modules and then concealing the installed malware.
This post will cover additional defense evasion techniques against Linux systems not covered in the past post.…
Summary:
Insikt Group's recent analysis reveals that North Koreans continue to use foreign technology to access the internet despite heavy sanctions. This includes Apple, Samsung, and Huawei devices, as well as various social media platforms. A notable finding is the increased use of obfuscation services like VPNs and proxies to circumvent censorship and surveillance.…
Published On : 2024-07-19
EXECUTIVE SUMMARY: In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.
Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…
This is Part 1 of our two-part technical deep dive into APT41’s new tooling, which includes DodgeBox and MoonWalk. For details about MoonWalk, go to Part 2.
In April 2024, Zscaler ThreatLabz uncovered a previously unknown loader called DodgeBox. Upon further analysis, striking similarities were found between DodgeBox and variants of StealthVector, a tool associated with the China-based advanced persistent threat (APT) actor APT41 / Earth Baku.…
The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY.…
This is Part 2 of our two-part technical deep dive into APT41’s new tooling, DodgeBox and MoonWalk. For details of DodgeBox, go to Part 1.
In Part 2 of this blog series, we examine the MoonWalk backdoor, a new addition to APT41’s toolkit. Continuing from our previous analysis of the DodgeBox loader in Part 1, we have discovered that MoonWalk shares several evasion techniques.…
Summary: NATO has announced plans to establish a new cyber-defense facility, the NATO Integrated Cyber Defence Centre (NICC), to enhance situational awareness and collective cyber-resilience among member states.
Threat Actor: N/A
Victim: N/A
Key Point :
The NICC will be based at the Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium and will consist of civilian and military experts from member states.…
Summary: The White House is implementing increased cybersecurity protocols for research and development (R&D) institutions, including those in higher education.
Threat Actor: N/A
Victim: R&D institutions, including those in higher education
Key Point :
The Office of Science and Technology Policy has mandated that federal research agencies certify proper security requirements for covered institutions, including those in higher education.…
This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center, and Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA), hereafter referred to as the “authoring agencies”, outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks.…