Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Read More

Victim: www.missionbank.bank Country : US Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/26affe5c-e0ad-4098-a0d4-67a62bf4edd4/ Discovered: 2025-01-23 09:38:15.724710 Published: 2025-01-23 09:37:06.316442 Description : Full-service, community-based bank Located in California Offers personal banking, commercial banking, and wealth management Provides online banking services Aims to foster community growth Delivers personalized financial solutions Caters to local businesses and individuals

About Country: US

– Cybersecurity Landscape: The US is a global leader in cybersecurity, hosting numerous cybersecurity firms, research institutions, and government agencies focused on securing digital infrastructure.…

Read More
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
Summary: Cisco has issued critical software updates to address a privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management system, allowing remote attackers to gain administrator access. Additionally, patches were released for a denial-of-service (DoS) flaw in BroadWorks and an integer underflow bug in ClamAV. The vulnerabilities highlight ongoing security challenges faced by organizations using Cisco products.…
Read More
Summary: A recent report from Knownsec 404 highlights the emergence of GamaCopy, a cyber espionage group imitating Gamaredon APT, targeting Russian defense and critical infrastructure. GamaCopy uses military-themed documents as bait, employing obfuscated scripts and open-source tools like UltraVNC to minimize detection. The group’s tactics reveal a sophisticated approach to cyber espionage, complicating attribution and showcasing a false flag operation.…
Read More

Victim: BBBIND.COM Country : US Actor: safepay Source: http://nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#BBBIND Discovered: 2025-01-23 07:29:27.354250 Published: 2025-01-23 07:29:27.354250 Description : BBBIND.COM is a leading American company in the automotive aftermarket parts sector. The company specializes in premium parts with a focus on high-quality rotating electrical products. Product portfolio includes alternators, starters, brake calipers, and power steering products.…
Read More

Victim: Black Hills Regional Eye Institute Country : US Actor: qilin Source: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=0e6b763b-6054-3417-97b2-af6bcf631c44 Discovered: 2025-01-23 08:01:51.445160 Published: 2025-01-23 08:00:31.931307 Description : Black Hills Regional Eye Institute is a medical group practice located in Rapid City, SD. Specializes in Ophthalmology and Optometry. Website: https://www.blackhillseyes.com/. The network of the medical group had experienced a data breach.…
Read More

Victim: PINELAND BHDD COMMUNITY SERVICES Country : MY Actor: spacebears Source: http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/54/pineland-bhdd-community-services Discovered: 2025-01-23 08:09:04.086208 Published: 2025-01-23 08:07:52.001997 Description : Pineland BHDD aims to develop and provide essential services. The focus is on minimizing the impact of mental illness, developmental disabilities, and addictive diseases. The organization serves both individuals and their families.…
Read More
North Korean Lazarus Group Exposed for Using Fake Philippine Identities on LinkedIn
Summary: Cybersecurity researcher Dominic Alvieri has identified and reported the removal of fake LinkedIn profiles linked to the North Korean Lazarus Group, which were posing as recruiters. These fraudulent accounts, claiming affiliations with various companies and universities, aimed to deceive professionals into revealing sensitive information. The situation raises concerns for job seekers in the Philippines, emphasizing the need for vigilance against such scams.…
Read More
Dark Web Profile: OilRig (APT34)
OilRig, also known as APT34, is a state-sponsored APT group linked to Iranian intelligence, primarily targeting sectors like government, energy, finance, and telecommunications. Their sophisticated cyber-espionage tactics include spear-phishing and custom malware, making them a persistent threat across the Middle East and beyond. Affected: government, energy, financial, telecommunications sectors

Keypoints:

OilRig is a state-sponsored APT group associated with Iranian intelligence.…
Read More

Victim: Sawley Lock O’Callaghan Country : AU Actor: dragonforce Source: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog/?post_uuid=53e32b13-5df3-4e6b-a23a-fdf8cca0719b Discovered: 2025-01-23 04:17:01.342371 Published: 2025-01-23 04:15:56.701072 Description : Experienced South Australian company Dedicated to high calibre service Expertise in land surveying and spatial information Combination of high-quality customer service and modern technology Wide range of applications

About Country: Australia (AU)

– Cybersecurity Framework: Australia has a robust cybersecurity framework guided by the Australian Cyber Security Strategy 2020, aimed at protecting critical infrastructure and enhancing national security.…

Read More
FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA), highlighting significant vulnerabilities. Four critical security flaws have been identified, which are actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.…
Read More

Attacker: SABUNMANDI CYBER TEAM Target: https://embmr.foreign.gov.ly/hack.txt Source: http://www.zone-h.org/mirror/id/41316023

Attacker: ynR ! Target: https://xproy.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316019

Attacker: ynR ! Target: https://sapaam.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316018

Attacker: ynR ! Target: https://files.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316017

Attacker: ynR ! Target: https://consultaci.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316016

Attacker: ynR ! Target: https://consulta2024.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316015

Attacker: ynR ! Target: https://bibliotecas.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316014

Attacker: ynR ! Target: https://pmd.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316012

Attacker: ynR ! Target: https://sapam.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316010…

Read More
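The leak-site entries and the zone-h defacement entries above are flattened one-line records. The following is an added Python example, not code from this feed or from any of the reports it summarises, that parses both shapes into typed records: it tolerates the empty "Country :" and "Source:" fields seen in some entries, copes with the zone-h lines whether or not the Target URL runs straight into the "Source:" label as it does in the raw feed, rejects a leak-site source that is not a Tor hidden service, and groups defacements by parent domain so the run of zihuatanejodeazueta.gob.mx sub-sites collapses into one incident. Sample inputs are copied from entries on this page (descriptions abbreviated); the parent-domain grouping is a heuristic of this example and not a property of either feed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Leak-site line: seven labelled fields in fixed order. "Country :" and
# "Description :" carry a space before the colon in the feed, hence \s*:.
# Every value but the description is matched lazily up to the next label,
# so an empty value (Country, Source) yields an empty group, not a failure.
LEAK_RE = re.compile(
    r"^Victim\s*:\s*(?P<victim>.*?)\s*"
    r"Country\s*:\s*(?P<country>.*?)\s*"
    r"Actor\s*:\s*(?P<actor>.*?)\s*"
    r"Source\s*:\s*(?P<source>.*?)\s*"
    r"Discovered\s*:\s*(?P<discovered>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)\s*"
    r"Published\s*:\s*(?P<published>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)\s*"
    r"Description\s*:\s*(?P<description>.*)$"
)

# zone-h line: in the raw feed the Target URL runs straight into "Source:",
# so the URL is a lazy run of non-whitespace ending where "Source" begins;
# the optional \s* also accepts a space-separated rendering of the same line.
DEFACE_RE = re.compile(
    r"^Attacker\s*:\s*(?P<attacker>.*?)\s*"
    r"Target\s*:\s*(?P<target>\S+?)\s*"
    r"Source\s*:\s*(?P<source>\S+)$"
)


@dataclass(frozen=True)
class LeakPost:
    victim: str
    country: Optional[str]   # None when the feed left "Country :" empty
    actor: str
    source: Optional[str]    # None when the feed left "Source:" empty
    discovered: datetime
    published: datetime
    description: str


@dataclass(frozen=True)
class Defacement:
    attacker: str
    target: str
    mirror_id: int


def tor_source(url: str) -> bool:
    """True only if the URL's host is a Tor hidden service (.onion)."""
    host = urlsplit(url).hostname or ""
    return host.endswith(".onion")


def parse_leak_post(line: str) -> LeakPost:
    m = LEAK_RE.match(line.strip())
    if not m:
        raise ValueError("not a leak-site record: %r" % line[:40])
    country = m["country"] or None
    if country is not None and not re.fullmatch(r"[A-Z]{2}", country):
        raise ValueError("country is not an ISO alpha-2 code: %r" % country)
    source = m["source"] or None
    if source is not None and not tor_source(source):
        raise ValueError("leak-site source is not a Tor address: %r" % source)
    return LeakPost(
        victim=m["victim"], country=country, actor=m["actor"], source=source,
        discovered=datetime.fromisoformat(m["discovered"]),
        published=datetime.fromisoformat(m["published"]),
        description=m["description"].rstrip("…").strip(),
    )


def parse_defacement(line: str) -> Defacement:
    m = DEFACE_RE.match(line.strip().rstrip("…"))
    if not m:
        raise ValueError("not a zone-h record: %r" % line[:40])
    mirror = re.search(r"/mirror/id/(\d+)$", m["source"])
    if not mirror:
        raise ValueError("source is not a zone-h mirror URL: %r" % m["source"])
    if urlsplit(m["target"]).scheme not in ("http", "https"):
        raise ValueError("target is not an http(s) URL: %r" % m["target"])
    return Defacement(attacker=m["attacker"], target=m["target"],
                      mirror_id=int(mirror.group(1)))


def parent_domain(url: str) -> str:
    """Heuristic (this example's choice): drop the leftmost label when the
    host has more than two, so every sub-site of one owner groups together."""
    labels = (urlsplit(url).hostname or "").split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else ".".join(labels)


def group_defacements(lines: List[str]) -> Dict[str, List[Defacement]]:
    groups: Dict[str, List[Defacement]] = {}
    for line in lines:
        d = parse_defacement(line)
        groups.setdefault(parent_domain(d.target), []).append(d)
    return groups


# Sample records copied from entries on this page (descriptions abbreviated).
LEAK_SAMPLES = [
    "Victim: sdkgroup.com Country : HK Actor: ransomhub "
    "Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/035b01ba-eeed-4514-8e06-9e9b4f865797/ "
    "Discovered: 2025-01-22 20:24:11.626081 Published: 2025-01-22 20:23:01.411307 "
    "Description : Global business consulting firm",
    "Victim: Rees NDT Inspection Services Country : CA Actor: ElDorado Source: "
    "Discovered: 2025-01-22 22:48:37.149402 Published: 2025-01-22 22:48:37.149402 "
    "Description : Industry: Energy, Utilities & Waste",
    "Victim: gaylord.org Country : Actor: safepay "
    "Source: http://nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#gaylord "
    "Discovered: 2025-01-22 21:09:39.140759 Published: 2025-01-22 21:09:39.140759 "
    "Description : There is no available or valid information about gaylord.org.",
]
DEFACE_SAMPLES = [
    "Attacker: SABUNMANDI CYBER TEAMTarget: https://embmr.foreign.gov.ly/hack.txtSource: http://www.zone-h.org/mirror/id/41316023",
    "Attacker: ynR !Target: https://xproy.zihuatanejodeazueta.gob.mx/ynr.htmlSource: http://www.zone-h.org/mirror/id/41316019",
    "Attacker: ynR !Target: https://sapaam.zihuatanejodeazueta.gob.mx/ynr.htmlSource: http://www.zone-h.org/mirror/id/41316018",
    "Attacker: ynR ! Target: https://sapam.zihuatanejodeazueta.gob.mx/ynr.html Source: http://www.zone-h.org/mirror/id/41316010…",
]

if __name__ == "__main__":
    for post in map(parse_leak_post, LEAK_SAMPLES):
        print(post.actor, post.victim, post.country, post.source)
    for domain, hits in group_defacements(DEFACE_SAMPLES).items():
        print(domain, len(hits), sorted({d.attacker for d in hits}))
```

The empty-field cases are the ones worth keeping in a regression set: a parser that assumes every label has a value will either shift fields (reading "Discovered:" as the source) or silently drop the gaylord.org and Rees NDT entries, and the .onion check is what stops a clearnet URL pasted into the Source field from being treated as a leak-site listing.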

Victim: Omni Fiber LLC Country : US Actor: monti Source: http://mblogci3rudehaagbryjznltdp33ojwzkq6hn2pckvjq33rycmzczpid.onion/blog/8a0bdf901623710a4eef9699878ae33d2fc778edb5e3b5f6302f955744120676/ Discovered: 2025-01-22 22:39:07.438128 Published: 2025-01-22 22:37:55.379960 Description : Definition: A full database is a complete collection of related data that is stored in a structured format.…
Read More

Victim: Rees NDT Inspection Services Country : CA Actor: ElDorado Source: Discovered: 2025-01-22 22:48:37.149402 Published: 2025-01-22 22:48:37.149402 Description : Industry: Energy, Utilities & Waste Location: Canada Employee Count: < 25 Employees Service Area: Northwestern Canada (Grande Prairie, Bonnyville, Vegreville, and mobile units) Specialization: Inspection and engineering certification of overhead lifting devices Equipment Covered: Cranes, pickers, sideboom pipelayers, and oilfield-related lifting equipment Revenue: < Million

About Country CA (Canada)

– Cybersecurity Framework: Canada has established a comprehensive cybersecurity framework, including the National Cyber Security Strategy aimed at safeguarding the nation’s digital infrastructure.…

Read More

Victim: gaylord.org Country : Actor: safepay Source: http://nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#gaylord Discovered: 2025-01-22 21:09:39.140759 Published: 2025-01-22 21:09:39.140759 Description : There is no available or valid information about “gaylord.org”. The search did not yield any relevant details about this entity. It’s possible that the name or spelling may be inaccurate.…
Read More
BreachForums admin to be resentenced after appeals court slams supervised release
Summary: Conor Fitzpatrick, the founder of the cybercrime platform BreachForums, is set to be resentenced after a three-judge panel vacated a previous lenient sentence that allowed him to serve only 17 days in prison. The appellate court criticized the district court’s decision, which was influenced by Fitzpatrick’s age and autism diagnosis, for being “substantively unreasonable” given his extensive criminal activities.…
Read More

Victim: sdkgroup.com Country : HK Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/035b01ba-eeed-4514-8e06-9e9b4f865797/ Discovered: 2025-01-22 20:24:11.626081 Published: 2025-01-22 20:23:01.411307 Description : Global business consulting firm Specializes in information technology and business process services Helps clients implement and optimize corporate IT strategies Offers IT consulting, cloud services, data analytics, and software development Serves diverse industries: logistics, healthcare, banking, energy Provides support in multiple languages Operates in several countries

About Country: Hong Kong (HK)

– Cybersecurity Framework: Hong Kong has a structured approach to cybersecurity, governed by the Hong Kong Cybersecurity Strategy initiated by the government to enhance resilience against cyber threats.…

Read More