Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Dark Web Profile: OilRig (APT34)
OilRig, also known as APT34, is a state-sponsored APT group linked to Iranian intelligence, primarily targeting sectors like government, energy, finance, and telecommunications. Their sophisticated cyber-espionage tactics include spear-phishing and custom malware, making them a persistent threat across the Middle East and beyond. Affected: government, energy, financial, telecommunications sectors

Key points:

OilRig is a state-sponsored APT group associated with Iranian intelligence.…
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…

Victim: Omni Fiber LLC Country: US Actor: monti Source: http://mblogci3rudehaagbryjznltdp33ojwzkq6hn2pckvjq33rycmzczpid.onion/blog/8a0bdf901623710a4eef9699878ae33d2fc778edb5e3b5f6302f955744120676/ Discovered: 2025-01-22 22:39:07.438128 Published: 2025-01-22 22:37:55.379960 Description: Sure! Here’s a list of keypoints about a full database, formatted with HTML tags: Definition: A full database is a complete collection of related data that is stored in a structured format.…
Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Summary: A newly identified Chinese threat group, PlushDaemon, has executed a supply chain attack against South Korean VPN developer IPany, deploying a custom backdoor for cyber-espionage. This attack marks a shift in the group’s tactics, which typically involve hijacking legitimate updates of applications. The group has been active since at least 2019, targeting various regions including South Korea and the US.…
China-linked hacker group targets victims in East Asia with malicious VPN installers
Summary: A new Chinese state-sponsored hacker group, PlushDaemon, has been targeting users in East Asia through an espionage campaign involving a compromised VPN installer from South Korean firm IPany. The attackers deployed custom malware capable of extensive data collection and spying on victims. Although discovered recently, PlushDaemon has been active since at least 2019, focusing on espionage against various entities across multiple countries.…

Summary: The video discusses the increasing importance of Identity and Access Management (IAM) in preventing data breaches, particularly through compromised credentials. It highlights the necessity of integrating prevention, detection, and response strategies within IAM systems to enhance security. The speaker introduces the concept of an Identity Threat Detection and Response (ITDR) system, detailing its three core phases: collect, detect, and respond.…
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
Summary: A newly identified China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack on a South Korean VPN provider, utilizing a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit designed for espionage and data collection, indicating the group’s significant operational capabilities since at least 2019.…
Supercharge Your CTI: AI-Powered IOC Collection with ChatGPT, Inoreader and Google Drive
This article outlines a proof-of-concept for automating the collection and processing of Indicators of Compromise (IOCs) using Inoreader, Google Drive, and OpenAI’s GPT-4. The workflow aims to enhance the efficiency of Cyber Threat Intelligence (CTI), Incident Response (IR), and Security Operations Center (SOC) teams by transforming raw data into actionable insights.…
TA505 is a financially motivated cybercriminal group known for large-scale malware distribution and sophisticated phishing campaigns. Active since 2015, they utilize advanced social engineering tactics and target various sectors, including finance and healthcare. The article discusses threat hunting techniques in Azure/XDR to detect TA505 activities. Affected: finance, retail, healthcare, critical infrastructure

Key points:

TA505 is also known as GOLD TAHOE or FIN11.…
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
Summary: The DoNot Team has developed a new Android malware named Tanzeem, designed for targeted cyber attacks against specific individuals or groups. The malware masquerades as a chat application but fails to function, instead facilitating intelligence gathering through various malicious activities. This development highlights the group’s evolving tactics, including the abuse of push notifications to deploy additional malware.…
Ransom! compass-underwriting-ltd

Victim: compass-underwriting-ltd Country: GB Actor: sarcoma Source: Discovered: 2025-01-20 13:59:55.549064 Published: 2025-01-20 13:59:55.549064 Description: Key Points about Compass Underwriting Ltd

History – Established in 1986 as a Lloyd’s syndicate. – Evolved into a leading Accident & Health underwriting agency in the UK. – Acquired by the Elseco Group in April 2022.…

Tracking Adversaries: Ghostwriter APT Infrastructure
Infrastructure pivoting is a crucial technique for cyber threat intelligence analysts, enabling them to uncover additional targets and tools used by adversaries. This skill enhances incident response efforts and can lead to the attribution of intrusions to known threat actors. The article discusses the Ghostwriter campaign targeting the Ukrainian military and highlights the importance of analyzing threat data from various cybersecurity organizations.…
A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPi package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…
FTC orders GM to stop collecting and selling driver’s data
Summary: The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary OnStar for unlawfully collecting and selling sensitive geolocation and driving behavior data from millions of vehicles. The proposed settlement includes a five-year ban on sharing such data and mandates improved transparency and consumer control over personal information.…