Victim: IntelBroker
Price: Not disclosed
Data: Email addresses, IP addresses, operational tactics
Keypoints:
Cybercriminal Profile: IntelBroker is a prominent figure in the cybercrime landscape, known for high-profile data breaches and ransomware attacks.
Notable Breaches: His portfolio includes breaches of major entities like AMD, Europol, and Cisco.…
Tag: CRYPTO
Recent reports indicate unauthorized access in Japan, primarily using LinkedIn as an infection vector. The Lazarus attack group has been identified as responsible for these attacks, which have targeted organizations since 2019. Recommendations include restricting the use of social networking services on work devices. Affected: LinkedIn, Bitcoin.DMM.com…
QBot, a modular information stealer, has resurfaced following law enforcement actions aimed at its operators. Recent research indicates the use of DNS tunneling in conjunction with Zloader, revealing connections to new backConnect malware that may be utilized in ransomware attacks. Affected: QBot operators, financial institutions, cybersecurity sector
Keypoints:
QBot, also known as Qakbot or Pinkslipbot, has been active since 2007.…
This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” which targets Microsoft 365 accounts, and “Contagious Interview,” a social engineering tactic by the Lazarus APT group.…
Summary: The Digital Operational Resilience Act (DORA) has come into effect in the European Union, mandating financial entities and their third-party suppliers to report significant IT incidents to national regulators. This legislation aims to enhance cybersecurity practices and accountability within the financial sector, imposing strict penalties for noncompliance, including potential criminal liability for board members.…
Summary: The US Department of the Treasury’s OFAC has imposed sanctions on individuals and entities linked to a scheme that generates illicit funds for North Korea through fake IT workers. North Korean operatives have been using stolen identities and AI to secure jobs in Western countries, allowing the regime to circumvent sanctions and fund its weapons programs.…
eSentire’s Threat Response Unit (TRU) has identified a campaign involving MintsLoader malware, which delivers payloads like Stealc through spam emails. This campaign primarily affects organizations in the Electricity, Oil & Gas, and Legal Services sectors in the US and Europe. The malware employs various evasion techniques and utilizes a Domain Generation Algorithm (DGA) to communicate with its command and control servers.…
Summary: US authorities have charged three individuals for their involvement in operating cryptocurrency mixers Blender.io and Sinbad.io, which were used for laundering money from criminal activities. Both mixers facilitated anonymous transactions, attracting users seeking to hide their illicit gains. The operations were linked to North Korean hacking groups and resulted in sanctions from the US Department of the Treasury.…
Summary: A significant security breach in the software supply chain was discovered when an attacker replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version on DockerHub. This compromised image contained cryptojacking code that directed systems to mine cryptocurrency. The Kong team responded promptly by removing the affected version and releasing a patched version, 3.4.1, to mitigate the issue.…
Summary: SecurityWeek’s Cyber Insights 2025 explores expert predictions regarding the evolving landscape of cybersecurity, particularly focusing on Open Source Software (OSS) and the Software Supply Chain. The report highlights the increasing risks associated with OSS, including supply chain attacks and the challenges of governance and visibility.…
Summary: In 2024, North Korean hackers stole approximately $660 million in cryptocurrency, with the funds allegedly supporting Pyongyang’s weapons programs. The US, Japan, and South Korea issued a joint statement warning the blockchain industry about the persistent threat posed by these cybercriminals.
Threat Actor: North Korean hackers
Victim: Cryptocurrency exchanges and users
Key Point:
North Korean hackers conducted at least five major cryptocurrency heists in 2024.…
Summary: The United States, Japan, and the Republic of Korea have issued a warning regarding North Korea’s cyber actors targeting the global blockchain technology industry, emphasizing the threat of cryptocurrency theft. This joint statement highlights the sophisticated tactics employed by these actors and the need for enhanced collaboration to mitigate the risks.…
Summary: North Korean state-sponsored hacking groups have stolen over $659 million in cryptocurrency through various cyberattacks, with a significant increase in activity noted in 2024. The U.S., South Korea, and Japan have issued warnings about ongoing threats to the blockchain industry and the tactics employed by these groups.…
Summary: HuiOne Guarantee has emerged as the largest online illicit marketplace, surpassing Hydra with over $24 billion in cryptocurrency transactions. The platform is linked to various criminal activities, including money laundering and human trafficking, and has connections to organized crime groups globally.
Threat Actor: HuiOne Guarantee
Victim: Global online users
Key Point:
HuiOne Guarantee has received at least $24 billion in cryptocurrency, significantly more than the defunct Hydra marketplace.…
In the latest cybersecurity incidents, various platforms faced significant breaches and hacks, including Litecoin and Foresight Ventures on Twitter, a vulnerability in Ivanti’s products, and a cyberattack on Russia’s oil sector by Ukraine. Additionally, Japan Airlines experienced flight disruptions due to a cyberattack, while the International Civil Aviation Organization revealed a massive data breach.…
Summary: Threat actors are exploiting a critical remote command execution vulnerability (CVE-2024-50603) in Aviatrix Controller instances to install backdoors and crypto miners. This vulnerability allows attackers to execute commands without authentication, posing significant risks to cloud environments.
Threat Actor: Unknown
Victim: Aviatrix Controller users
Key Point:
The vulnerability is caused by inadequate input sanitization in API actions, allowing remote command execution.…
Summary: A newly disclosed vulnerability in IBM Robotic Process Automation (RPA), tracked as CVE-2024-51456, poses a risk of data breaches due to cryptographic weaknesses. IBM has released a security bulletin with remediation measures to mitigate the threat.
Threat Actor: Unknown
Victim: IBM
Key Point:
The vulnerability allows remote attackers to exploit cryptographic weaknesses in the RSA algorithm.…
Summary: A critical security flaw in the Aviatrix Controller cloud networking platform, identified as CVE-2024-50603, is being actively exploited to deploy backdoors and cryptocurrency miners. The vulnerability allows for unauthenticated remote code execution, posing significant risks to cloud environments.
Threat Actor: Unknown
Victim: Cloud enterprises
Key Point:
The vulnerability has a CVSS score of 10.0, indicating maximum severity.…
Summary: The HexaLocker ransomware group has released a new variant, HexaLocker V2, which incorporates advanced encryption and data theft capabilities. This resurgence marks a significant evolution in their attack strategy, combining ransomware with a data-stealing component known as Skuld.
Threat Actor: HexaLocker
Victim: Various targets
Key Point:
HexaLocker V2 utilizes a self-copy mechanism and establishes persistence through the Windows registry.…
This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.
Keypoints:
Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.…