Tag: EXFILTRATION

Major Cyber Attacks Targeting Transportation & Logistics Industry
The transportation and logistics industry is increasingly targeted by cybercriminals as they exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector. Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Keypoints :

Transportation and logistics sector is a major target for cybercriminals due to valuable data.…
Read More
The Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group involved in cyber espionage for over a decade. They have recently enhanced their tactics by deploying new Sagerunex backdoor variants that utilize third-party cloud services and social media for command-and-control activities. This article examines their tactics, techniques, and procedures, detailing their operational framework along with the challenges we face against such persistent threats.…
Read More
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research reveals the exploits of Water Gamayun, a suspected Russian threat actor leveraging a zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console to deploy malware. Their methods include custom payloads, data exfiltration techniques, and the use of backdoor malware. This campaign poses severe risks to organizations, including data theft and operational disruption.…
Read More
How an Exposed Jenkins Instance Led to a Full-Scale Infrastructure Compromise
This article discusses the risks associated with misconfigured Jenkins instances in CI/CD pipelines, highlighting a specific case where an exposed Jenkins service led to unauthorized access and severe security vulnerabilities. The findings from CloudSEK’s BeVigil underscore the potential consequences of such misconfigurations, including remote code execution, credential theft, and regulatory risks.…
Read More
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
Summary: A new campaign utilizing the PJobRAT Android malware has been detected, targeting users in Taiwan under the guise of chat applications. This malware, previously aimed at Indian military personnel, has evolved to harvest sensitive information while masquerading as messaging apps. Security researchers indicate its operation spanned nearly two years before pausing in October 2024.…
Read More
I Am Not A Robot
Recent social engineering tactics have evolved to include a variant of the SectopRAT malware, which is disguised as a Cloudflare verification challenge. This Remote Access Trojan employs extensive techniques for data exfiltration and uses various evasion methods to avoid detection. Affected: Users, Browsers, Cryptocurrency Holders

Keypoints :

ClickFix-style social engineering techniques are becoming more prevalent among threat groups.…
Read More
How SVigil Prevented a Massive Supply Chain Breach in Banking Infrastructure?
This article highlights the cybersecurity vulnerabilities that arise when financial institutions rely on third-party vendors. It details how CloudSEK’s SVigil platform discovered exposed credentials of a key communication service provider, which led to a significant data breach affecting a major banking entity. The timely detection helped prevent potential misuse of sensitive data and loss of customer trust.…
Read More
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…
Read More
Defense contractor to pay .6 million over third-party provider’s security weakness
Summary: MORSE Corp, a defense contractor based in Cambridge, Massachusetts, has settled with the U.S. government for .6 million due to violations of federal cybersecurity requirements. The settlement stems from allegations that the company misrepresented its cybersecurity posture and failed to comply with standards set by the National Institute of Standards and Technology.…
Read More
Consequences of INPS-themed Smishing: Stolen Documents for Sale Online
The article discusses the ongoing smishing campaigns targeting the Italian public, particularly focusing on scams related to the INPS (National Social Security Institute). The scams involve the theft of identity documents, mostly selfies where the document is displayed next to the victim’s face. Despite continuous monitoring and takedown efforts by CERT-AGID, these fraudulent activities continue to proliferate, leading to an increase in victims and the illegal sale of personal documents on the dark web.…
Read More
RedCurl cyberspies create ransomware to encrypt Hyper-V servers
Summary: The threat actor group RedCurl has evolved from corporate espionage to deploying a ransomware encryptor, QWCrypt, targeting Hyper-V virtual machines. Their tactics now include sophisticated phishing schemes and stealthy methods for lateral movement within networks. This strategic shift raises questions about their motives and operational goals, as they blend espionage with ransomware attacks.…
Read More
SnakeKeylogger: A Multistage Info Stealer Malware Campaign
The SnakeKeylogger campaign illustrates a sophisticated credential-stealing threat targeting both individuals and businesses. Utilizing multi-stage infection techniques, it cleverly evades detection while harvesting sensitive data from various platforms. Attackers employ malicious spam emails containing disguised executable files to initiate the infection. Affected: Individuals, Businesses, Email Clients, Web Browsers, FTP Clients.…
Read More