Elysium Ransomware: A New Variant of the Ghost Family Targeting Critical Infrastructure
Summary: A new ransomware variant called Elysium, linked to the Ghost ransomware family, targets critical sectors like healthcare and government. The attackers exploit outdated applications to gain access and deploy various tools to execute a multi-stage attack. Elysium disrupts recovery efforts by targeting backups and encrypting files with a specific extension while demanding a ransom in Monero for decryption.…
Read More
This advisory details the tactics, techniques, and procedures (TTPs) associated with the Medusa ransomware variant. Medusa, operating as a ransomware-as-a-service (RaaS), has affected over 300 victims across various critical infrastructure sectors since its inception in June 2021. The advisory provides insights into initial access methods, lateral movement tactics, and a double extortion model employed by Medusa actors.…
Read More
AI Safety: Key Threats and Solutions
This article addresses critical dangers posed by advancing AI technology, including AI-driven phishing, malware generation, opinion manipulation, and the risk of unintended AI failures. Each threat highlights the necessity for robust defense strategies and ethical oversight to safeguard users and society. Affected: Cybersecurity, AI industry, Public perception

Keypoints:

AI technology’s integration into daily life brings both advancements and new security threats.…
Read More
Volt Typhoon hackers were in Massachusetts utility’s systems for 10 months
Summary: Chinese hackers associated with the Volt Typhoon campaign were inside the systems of the Littleton Electric Light and Water Department in Massachusetts for roughly ten months, aiming at data theft and potential sabotage. The breach, discovered in November 2023, revealed that while customer-sensitive data was not compromised, the hackers sought critical operational information about energy grid operations.…
Read More
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
Summary: The article emphasizes the critical need for Adversarial Exposure Validation (AEV) in cybersecurity, highlighting the dangers of complacency stemming from false confidence in traditional security practices. Organizations often mistake compliance and vulnerability metrics for genuine security, but AEV provides a reality check by continuously testing defenses against real threats.…
Read More
Multiple vulnerabilities found in ICONICS industrial SCADA software
Summary: ICONICS SCADA software, used globally in critical infrastructure, has been found to contain at least five vulnerabilities allowing for privilege escalation, DLL hijacking, and modification of critical files. Despite patches being released, numerous servers remain exposed on the public internet. The vulnerabilities primarily affect versions 10.97.2 and 10.97.3, posing serious risks to key sectors including government and manufacturing.…
Read More
Blind Eagle: …And Justice for All
Check Point Research has uncovered a series of cyber campaigns by the Blind Eagle group (APT-C-36) targeting Colombian government and private-sector institutions. The attacks, which began in late 2024, use a technique related to CVE-2024-43451 (an NTLMv2 hash-exposure vulnerability): a malicious .url file that triggers a WebDAV request, which notifies the attackers as soon as the file is downloaded.…
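The .url-to-WebDAV notification trick described above also gives defenders a hunting signal: a Windows host's built-in WebDAV client, which identifies itself with the User-Agent prefix Microsoft-WebDAV-MiniRedir/, issuing WebDAV requests to a destination outside the organisation. The following is an added Python example, not code from Check Point Research or from the Blind Eagle report; the proxy-log format, the sample lines, the internal address ranges and the .corp.example DNS suffix are all constructed for the example and would be replaced with an organisation's own.

```python
"""Flag outbound WebDAV requests from Windows hosts to external destinations.

Added example (not Check Point Research code). The log format below is a
constructed, simplified proxy format: timestamp src_ip method host path user_agent.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = """\
2025-03-10T09:12:01Z 10.0.4.17 PROPFIND 203.0.113.45 /share/ Microsoft-WebDAV-MiniRedir/10.0.19041
2025-03-10T09:12:02Z 10.0.4.17 OPTIONS 203.0.113.45 / Microsoft-WebDAV-MiniRedir/10.0.19041
2025-03-10T09:13:10Z 10.0.4.22 GET 10.0.9.5 /dav/docs Microsoft-WebDAV-MiniRedir/10.0.19041
2025-03-10T09:14:00Z 10.0.4.31 GET 198.51.100.7 /index.html Mozilla/5.0
2025-03-10T09:15:43Z 10.0.4.17 PROPFIND 203.0.113.45 /share/ Microsoft-WebDAV-MiniRedir/10.0.19041
"""

# Assumed internal ranges and DNS suffix; substitute the real ones for your estate.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]
INTERNAL_SUFFIXES = (".corp.example",)

# WebDAV verbs (RFC 4918) plus OPTIONS, which the Windows client sends first.
WEBDAV_VERBS = {"OPTIONS", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# User-Agent prefix used by the Windows WebDAV redirector (WebClient service).
MINIREDIR_UA = "Microsoft-WebDAV-MiniRedir/"


@dataclass
class Event:
    ts: str
    src: str
    method: str
    dst: str
    path: str
    user_agent: str


@dataclass
class Beacon:
    src: str
    dst: str
    count: int = 0
    first_seen: str = ""
    verbs: set = field(default_factory=set)


def parse_line(line: str):
    """Split one constructed log line into an Event; return None if malformed."""
    parts = line.split(maxsplit=5)
    if len(parts) != 6:
        return None
    return Event(*parts)


def is_external_destination(host: str) -> bool:
    """True if host is an IP outside the assumed internal ranges, or a
    hostname not under the assumed internal DNS suffix."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return not host.lower().endswith(INTERNAL_SUFFIXES)
    return not any(addr in net for net in INTERNAL_NETWORKS)


def is_webdav_client_request(ev: Event) -> bool:
    """Either a WebDAV verb or the Windows mini-redirector User-Agent counts."""
    return ev.method.upper() in WEBDAV_VERBS or ev.user_agent.startswith(MINIREDIR_UA)


def find_webdav_beacons(log_text: str) -> list:
    """Aggregate external WebDAV requests per (source, destination) pair."""
    beacons = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not is_webdav_client_request(ev):
            continue
        if not is_external_destination(ev.dst):
            continue  # internal file shares use WebDAV legitimately
        key = (ev.src, ev.dst)
        b = beacons.get(key)
        if b is None:
            b = beacons[key] = Beacon(src=ev.src, dst=ev.dst, first_seen=ev.ts)
        b.count += 1
        b.verbs.add(ev.method.upper())
    return sorted(beacons.values(), key=lambda b: (-b.count, b.src, b.dst))


if __name__ == "__main__":
    for b in find_webdav_beacons(SAMPLE_LOG):
        print(f"{b.src} -> {b.dst}: {b.count} WebDAV request(s), "
              f"verbs={sorted(b.verbs)}, first seen {b.first_seen}")
```

Internal WebDAV traffic (line three of the sample) is deliberately ignored because Windows file shares and SharePoint use the same client; the signal is the combination of the mini-redirector and an external destination, and a single OPTIONS/PROPFIND pair to a never-before-seen host is worth a look even without the .url lure in hand.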
Read More
Dark Web Profile: APT35
APT35, also known as Charming Kitten, is an Iranian state-sponsored cyber-espionage group targeting various sectors through sophisticated cyber campaigns. Since its emergence in 2014, APT35 has been involved in high-profile incidents such as the HBO data breach and attempted compromises of U.S. governmental and campaign-related accounts.…
Read More
Analysis of Lazarus Group’s Attack on Windows Web Servers
The AhnLab Security Intelligence Center has reported ongoing attacks by the Lazarus group, which has been breaching South Korean web servers to install web shells and control scripts, notably the LazarLoader malware used for privilege escalation. The attackers use a structured methodology for command execution through newly defined C2 scripts. Affected: South Korean web servers, IT infrastructure

Keypoints:

The Lazarus group continues to exploit South Korean web servers to establish command and control (C2) infrastructure.…
Read More
RST TI Report Digest: 10 Mar 2025
This week’s threat intelligence report reveals a range of sophisticated cyber threats, including targeted multistage malware attacks, ransomware groups adopting new backconnect malware, and social engineering tactics employed in recruitment scams. Notable threats included a campaign targeting aviation and transport in the UAE, while other malware leveraged social media for distribution.…
Read More
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Summary: The evolving landscape of cyber threats raises critical concerns around cybersecurity resilience, particularly as state-sponsored groups and new ransomware tactics emerge. Notable events this week include charges against Chinese nationals for hacking and the dismantling of Garantex, a cryptocurrency exchange linked to money laundering. This edition explores the complexities of modern cyber threats and ongoing countermeasures by global law enforcement.…
Read More
Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations
Summary: Cisco Talos has uncovered a sophisticated cyberattack campaign targeting various Japanese industries, actively exploiting a vulnerability in PHP-CGI for remote code execution. The attacks include credential theft, privilege escalation, and deployment of persistent backdoors facilitated by the Cobalt Strike toolkit. Despite similarities to previous hacker group tactics, the attackers’ identities remain unconfirmed.…
Read More
🚨Cyber Attack Chronicles🚨
The SolarWinds hack, a significant supply chain attack discovered in December 2020, compromised numerous Fortune 500 companies and government agencies, resulting in extensive cybersecurity repercussions. Attackers embedded malicious code into SolarWinds’ Orion software updates, infiltrating thousands of networks and highlighting the vulnerabilities in vendor trust. Affected: Fortune 500 companies, US Government agencies, SolarWinds

Keypoints:

The hack was discovered in December 2020, but the infiltration began as early as March 2020.…
Read More
Chemistry Walkthrough – HackTheBox
In this article, the author details the exploitation of an easy Linux machine, which begins with gaining a foothold through a CVE and escalates to root access via a second exploit. The author notes the machine's slow performance and encourages patience during testing. The walkthrough covers reconnaissance, exploitation of vulnerabilities in the Pymatgen library and the Python aiohttp framework, and obtaining root access.…
Read More
From Foothold to Takeover: Mastering Pivoting Moves
This article provides an overview of pivoting and lateral movement techniques in cybersecurity, focusing particularly on the tool Ligolo-ng. Ligolo-ng is highlighted for its efficiency, user-friendliness, security features, and cross-platform compatibility, making it a valuable asset for penetration testers. The article explains how to set up Ligolo-ng and its advantages compared to other tunneling tools.…
Read More
The Ultimate Guide to VulnHub Machines for Beginners: Master Network & Web Pentesting
VulnHub is a platform that offers a safe environment for beginners to practice Vulnerability Assessment and Penetration Testing (VAPT). This guide recommends a variety of machines to enhance skills in network security, web security, and CMS exploitation, moving from beginner to advanced levels. Following this structured approach helps build practical skills and prepares learners for future certifications and career opportunities in cybersecurity.…
Read More
Stuxnet – An Overview
Stuxnet, discovered in 2010, is widely regarded as the first digital weapon, designed to disrupt Iran's nuclear enrichment program. Developed through a collaboration between the United States and Israel, it used sophisticated malware to compromise industrial control systems, causing physical damage while evading detection. This cyber weapon dramatically illustrated the potential for malware to affect real-world systems, heralding a new era of cyber warfare.…
Read More
Cybersecurity News Review, Week 10 (2025)
The latest cybersecurity newsletter highlights vulnerabilities and attacks involving multiple platforms including VMware, Microsoft, Google, and more. Key updates include the patching of critical zero-day vulnerabilities, ransomware attacks, and the rise of sophisticated malware targeting various industries. The report emphasizes the importance of cybersecurity measures to protect sensitive data and infrastructure.…
Read More