Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Published On : 2024-01-05
EXECUTIVE SUMMARYAt Cyfirma, we are committed to providing up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. This comprehensive analysis delves into the dissemination of cryptocurrency miners through a YouTube channel.…
On December 19, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a join Cybersecurity Advisory (CSA) that disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the ALPHV BlackCat Ransomware-as-a-Service (RaaS) identified through FBI investigations as recently as December 6, 2023.…
Panasonic Avionics Corporation (PAC), revealed that they suffered a cyberattack at the end of 2022, which may have led to the leak of personal information related to employees.
According to Panasonic, the internal network systems of PAC were compromised in a cyberattack. The breach was discovered approximately a year ago, on December 30, 2022, and an investigation ensued with external assistance.…
A new plant has grown in the desert of cyber threats, wielding its thorns to pierce through organizations and individuals alike. The Cactus Ransomware Group, a name recently whispered with curiosity across the cybersecurity realm, has emerged from the shadows, sowing seeds of chaos and disruption in its wake.…
Known to be supported by North Korea, the Kimsuky threat group has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Since 2017, attacks targeting countries other than South Korea have also been observed. [1]…
In the ever-changing cybersecurity landscape, Identity and Access Management (IAM) stands as the cornerstone of an organisation’s digital asset protection. IAM solutions play an essential role in managing user identities, controlling access to resources and ensuring compliance. As the digital threat landscape is constantly increasing in complexity, the need for visibility of IAM events has become paramount to detect attacks as early as possible before impact.…
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Estimated reading time: 13 minutes
SEQRITE Labs APT-Team has uncovered a phishing campaign targeting various Indian government personnel since October 2023. We have also identified targeting of both government and private entities in the defence sector over December. New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate confidential documents to a web-based service engine, instead of a dedicated command-and-control (C2) server.…
The Sophos MDR Threat Intelligence team previously published the blog Akira Ransomware is “bringin’ 1988 back” in May 2023, roughly two months after the group is reported to have begun operations. Since the ransomware group’s initial attacks in March, Akira has emerged as a formidable ransomware threat in the cybersecurity landscape for small to medium-sized businesses, posting hundreds of alleged victims on its data leak site.…
On December 19th, the Israel National Cyber Directorate released an urgent alert warning regarding a phishing campaign actively targeting Israeli customers using F5’s network devices. We’ve labeled this campaign Operation HamsaUpdate. It features the deployment of a newly developed wiper malware that targets both Windows and Linux servers.…
Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign presented to users in sponsored search engine results and social media posts, consistent with activity reported in From DarkGate to DanaBot. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and leveraged malicious advertisements to affect multiple organizations, which resulted in the delivery of the DANABOT and DARKGATE backdoors.…
ESET researchers analyzed a growing series of OilRig downloaders that the group has used in several campaigns throughout 2022, to maintain access to target organizations of special interest – all located in Israel. These lightweight downloaders, which we named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using one of several legitimate cloud service APIs for C&C communication and data exfiltration: the Microsoft Graph OneDrive or Outlook APIs, and the Microsoft Office Exchange Web Services (EWS) API.…
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November, we came across an open directory that included more than a year of historical threat actor activity.…
Published On : 2023-12-15
EXECUTIVE SUMMARYAt CYFIRMA, our mission is to empower you with the latest insights into the dynamic landscape of cybersecurity threats, addressing risks that impact both organizations and individuals. This report details a sophisticated cyber threat involving a malicious Word file with an embedded macro that, upon opening, prompts victims to enable macros.…
The Black Lotus Labs team at Lumen Technologies is tracking a small office/home office (SOHO) router botnet that forms a covert data transfer network for advanced threat actors. We are calling this the KV-botnet, based upon artifacts in the malware left by the authors.…
Estimated reading time: 6 minutes
Cerber is a strain of ransomware that was first identified in early 2016. It is a type of malware that encrypts a victim’s files and demands a ransom for the decryption key needed to unlock the files. Cerber, like many other ransomware variants, typically targets individuals and organizations by encrypting their files and demanding a ransom payment (usually in cryptocurrencies like Bitcoin) for the decryption key.…