Tag: DISCOVERY

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Read More
CYFIRMA Secures Strategic Investment From MDI Ventures to Bolster Cybersecurity in Southeast Asia
Summary: CYFIRMA, a cybersecurity firm based in Singapore, has secured a strategic investment from MDI Ventures to expand its operations in Southeast Asia, particularly in Indonesia. This funding will enhance CYFIRMA’s research and development efforts to create advanced cybersecurity solutions amid rising cyber threats. The investment aims to broaden CYFIRMA’s offerings and improve its service capabilities for clients globally.…
Read More
North Korean Lazarus Group Exposed for Using Fake Philippine Identities on LinkedIn
Summary: Cybersecurity researcher Dominic Alvieri has identified and reported the removal of fake LinkedIn profiles linked to the North Korean Lazarus Group, which were posing as recruiters. These fraudulent accounts, claiming affiliations with various companies and universities, aimed to deceive professionals into revealing sensitive information. The situation raises concerns for job seekers in the Philippines, emphasizing the need for vigilance against such scams.…
Read More
Malicious driver from Equation APT
This article analyzes a malicious driver associated with the APT group Equation, detailing its functionality and methods of operation, including string decryption, API resolving, and registry manipulation. The write-up includes links to download the sample and access a decryption script. Affected: APT Equation, Microsoft Windows

Keypoints :

The malicious driver is linked to the APT group Equation.…
Read More
Pivoting for Nosviak
Censys discovered a network of botnet management systems utilizing a modified version of the Nosviak command-and-control service. This network connects over 150 hosts across multiple countries and operates under various aliases, primarily offering DDoS and proxy services marketed as “stress testing.” Evidence suggests a significant infrastructure that leverages shared resources for malicious activities.…
Read More
Beyond Flesh and Code: Building an LLM-Based Attack Lifecycle With a Self-Guided Malware Agent
This article discusses the integration of older automation tools with large language models (LLMs) to enhance malware development and delivery methods, including the use of tools like Mantis and Stopwatch.ai for reconnaissance and obfuscation. It highlights the potential of LLMs in creating convincing phishing attacks and guiding malware operations, ultimately leading to a more sophisticated attack lifecycle.…
Read More
Dark Web Profile: OilRig (APT34)
OilRig, also known as APT34, is a state-sponsored APT group linked to Iranian intelligence, primarily targeting sectors like government, energy, finance, and telecommunications. Their sophisticated cyber-espionage tactics include spear-phishing and custom malware, making them a persistent threat across the Middle East and beyond. Affected: government, energy, financial, telecommunications sectors

Keypoints :

OilRig is a state-sponsored APT group associated with Iranian intelligence.…
Read More
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
Read More
Cyber Insights 2025: APIs – The Threat Continues
Summary: SecurityWeek’s Cyber Insights 2025 highlights expert predictions regarding the increasing vulnerabilities associated with APIs as their usage expands. As organizations adopt more SaaS applications and AI-driven tools, APIs are becoming prime targets for cybercriminals, leading to a significant rise in API-related breaches. Experts emphasize the urgent need for improved API security measures to combat these evolving threats.…
Read More
PoC Exploit released for TP-Link Code Execution Vulnerability(CVE-2024-54887)
Summary: A security researcher has discovered a critical vulnerability (CVE-2024-54887) in the TP-Link TL-WR940N router, affecting hardware versions 3 and 4. This vulnerability allows for arbitrary remote code execution through stack buffer overflow exploitation, posing significant risks to users. The research involved advanced techniques such as static and dynamic analysis, leading to the development of a viable exploit.…
Read More
Supercharge Your CTI: AI-Powered IOC Collection with ChatGPT, Inoreader and Google Drive
This article outlines a proof-of-concept for automating the collection and processing of Indicators of Compromise (IOCs) using Inoreader, Google Drive, and OpenAI’s GPT-4. The workflow aims to enhance the efficiency of Cyber Threat Intelligence (CTI), Incident Response (IR), and Security Operations Center (SOC) teams by transforming raw data into actionable insights.…
Read More
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, utilizing Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing, fake tech support, and exploiting remote control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
Read More
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
Summary: A former CIA analyst, Asif William Rahman, pleaded guilty to transmitting top secret National Defense Information to unauthorized individuals and attempted to conceal his actions. Meanwhile, the Philippines arrested a Chinese national and two Filipinos for conducting espionage activities related to critical infrastructure. Both incidents highlight ongoing security threats and breaches involving sensitive information and national defense.…
Read More
InvisibleFerret Malware: Technical Analysis
The article discusses the emergence of InvisibleFerret malware, which is being spread through fake job interviews targeting developers in the tech and cryptocurrency sectors. This malware is part of a broader campaign that includes other malware like BeaverTail. InvisibleFerret is designed to steal sensitive information and operates silently, making it difficult to detect.…
Read More