Summary: The Russian independent news website Meduza is facing repeated attempts to disrupt its digital infrastructure, including distributed denial-of-service (DDoS) attacks, which are believed to be orchestrated by the Russian authorities.

Threat Actor: Russian authorities

Victim: Meduza

Key Point:

Meduza has been targeted by a series of DDoS attacks, which have intensified and continued even after the Russian presidential election in March.…

Threat Actor: Unknown

Victim: Lucky app users

Price: Not specified

Exfiltrated Data Type: Database and source code of Lucky app

Additional Information:

The threat actor is allegedly offering for sale the database and source code of the Lucky app. The Lucky app is a prominent app for credit products and loyalty rewards in Egypt, developed by Dsquares.…

Summary: The Godfather mobile banking Trojan, which targets hundreds of banking apps, has become one of the most widespread malware-as-a-service offerings in cybercrime, with over 1,000 samples circulating worldwide.

Threat Actor: Godfather mobile banking Trojan

Victim: Banking apps

Key Point:

The Godfather mobile banking Trojan has quickly become one of the most widespread malware-as-a-service offerings in cybercrime, targeting hundreds of banking apps worldwide.…
Key Takeaways

In September 2023, we successfully sinkholed a command and control server linked to the PlugX worms. For just $7, we acquired the unique IP address tied to a variant of this worm, which had been previously documented by Sophos. Almost four years after its initial launch, between ~90,000 to ~100,000 unique public IP addresses are still infected, sending distinctive PlugX requests daily to our sinkhole.…

Victim: atriline.by

Country: Belarus

Actor: darkvault

Source: http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion//post/MmQ1NWE5YThhZjU0ZWVjZjk0Y2NmMm

Discovered: 2024-04-25 22:26:24.765375

Published: 2024-04-25 00:00:00.000000

Description:

Online ticket sales for the Bobruisk – Minsk – Bobruisk route. Purchase takes 2 minutes. Check the schedule and prices. Free returns. Convenient mobile application. SMS notifications.

online ticket sales, Bobruisk – Minsk – Bobruisk route, schedule and prices…


Key Takeaways

A new Android Banking Trojan, “Brokewell”, was identified as distributing via a fake Chrome Update phishing site.

The malware’s development is attributed to the developer, “Baron Samedit,” who manages the “Brokewell Cyber Labs” project.

Utilizing Gitea, the malware developer hosts the Brokewell Android Loader project repository and shares underground forum links related to their profile.…

Summary: The Department of Justice has announced the arrest of the founders of Samourai Wallet, a cryptocurrency mixing service that allegedly facilitated money laundering and sanctions evasion, obscuring the origins of at least $100 million in criminal proceeds.

Threat Actor: Samourai Wallet

Victim: N/A

Key Point:

The founders of Samourai Wallet, Keonne Rodriguez and William Lonergan Hill, created features explicitly designed to help criminals engage in large-scale money laundering and sanctions evasion.…

Summary: The Federal Trade Commission (FTC) is providing $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or whose accounts and devices were hacked because of insufficient security measures.

Threat Actor: Amazon employees and contractors

Victim: Ring users

Key Point:

The FTC is sending $5.6 million in refunds to Ring users who had their private video feeds accessed without consent or experienced security breaches.…

Victim: hominemclinic.com.br

Country: Unknown

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=142

Discovered: 2024-04-25 00:17:01.138591

Published: 2024-04-24 19:44:01.000000

Description:

We are a medical clinic specialized in male sexual health care, focusing on the treatment of erectile dysfunction, premature ejaculation, and andropause. Message to all men with sexual problems who are Hominem patients: THIS CLINIC DOES NOT PROTECT YOUR DATA AND YOUR PRIVACY, AND SOON EVERYONE WILL KNOW ABOUT YOUR PROBLEMS.…

Threat Actor: APT73 (Eraleign)

Victim: Trifecta Technologies, Inc.

Price: Not specified

Exfiltrated Data Type: Private and personal confidential data, Confluence dump, client documents, budget, payroll, IDs, taxes, finance information, personal details of employees

Additional Information:

APT73 is a new ransomware group known as Eraleign.…

Summary: Security vulnerabilities in cloud-based pinyin keyboard apps have been discovered, which could allow threat actors to access users’ keystrokes.

Threat Actor: Various threat actors targeting users of cloud-based pinyin keyboard apps.

Victim: Users of cloud-based pinyin keyboard apps from vendors such as Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.…


Summary: The US State Department is imposing visa restrictions on individuals involved in the development and sale of commercial spyware, specifically those whose tools have been used against journalists, academics, human rights defenders, dissidents, and US government personnel.

Threat Actor: Commercial spyware developers and sellers.

Victim: Journalists, academics, human rights defenders, dissidents, and US government personnel.…


Key Takeaways

Cyble Research & Intelligence Labs (CRIL) identified a DragonForce ransomware binary based on LOCKBIT Black ransomware, suggesting the threat actors behind DragonForce used a leaked builder of LOCKBIT Black ransomware to generate their binary.

In September 2022, an X (Twitter) user shared the download link for the LockBit ransomware builder, which allows threat actors to customize ransomware payloads according to their preferences.…

Victim: www.drwilliansegalin.com.br

Country: Brazil

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=128

Discovered: 2024-04-24 00:10:12.685358

Published: 2024-04-23 19:56:05.000000

Description:

Another outlaw plastic surgeon who does not protect his patients’ privacy safely. Dr. Willian, if you care about your patients’ data and privacy, stop driving your Mustang around like a negligent doctor and avoid remaining silent.…

Threat Actor: Unknown

Victim: Chinese iPhone and Huawei users

Price: $6200 for iPhone dataset, $1300 for Huawei dataset

Exfiltrated Data Type: Personal information of iPhone iOS and Huawei mobile phone users in China

Additional Information:

The database contains the personal information of iPhone iOS and Huawei mobile phone users across China.…
Key Points

Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

Avast disclosed the vulnerability to both eScan antivirus and India CERT. On 2023-07-31, eScan confirmed that the issue was fixed and successfully resolved.

The campaign was orchestrated by a threat actor with possible ties to Kimsuky.

Two different types of backdoors have been discovered, targeting large corporate networks.

The final payload distributed by GuptiMiner was also XMRig.

Introduction

We’ve been tracking a curious one here.…


Victim: draandrearechia.com.br

Country: Unknown

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=75

Discovered: 2024-04-23 02:00:47.923489

Description:

Dr. Andrea Rechia is another Brazilian plastic surgeon who doesn’t care about the data and privacy of her patients. Numerous attempts were made to contact her; however, she chose to remain silent instead of protecting her patients’ privacy.…

Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.

Threat Actor: UAC-0184

Victim: Ukrainian armed forces

Key Point:

Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…