Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Summary: Safe{Wallet} disclosed details about a sophisticated cyberattack on Bybit, attributed to state-sponsored North Korean hackers. The attackers employed advanced social engineering techniques to compromise a developer’s machine and hijack AWS session tokens, enabling them to conduct covert operations. The incident highlights serious security vulnerabilities in the cryptocurrency industry, which faces record losses from hacks in 2025.…
Summary: Microsoft Threat Intelligence reports that the Chinese state-backed cyber-espionage group, Silk Typhoon, has shifted tactics to exploit IT supply chains by targeting remote management tools and cloud applications. Their focus on infiltrating IT service providers and infrastructure companies allows them to indirectly access downstream networks, posing significant risks to various sectors.…
Emulating the Relentless RansomHub Ransomware
RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) operation targeting organizations globally, implementing a double-extortion model that both steals and encrypts sensitive data. The encryptor, written in C++ or Go, presents challenges for security analysis because it requires a password to execute. Potential links to previous ransomware groups like Knight and BlackCat/ALPHV are noted.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a malicious campaign attributed to an unknown attacker targeting organizations in Japan since January 2025, primarily exploiting the CVE-2024-4577 vulnerability to gain initial access and deploy advanced adversarial tools via Cobalt Strike. The attacker’s activities entail credential theft, system compromise, and potential lateral movement, which could impact various industries.…
Sendai Vulnlab – ESC4 & ReadGMSAPassword for AD Domination
In the latest round of Active Directory exploitation, Maverick dives into the Sendai machine, showcasing vulnerabilities in Active Directory Certificate Services, password management, and SMB enumeration. Through strategic techniques such as password spraying and privilege escalation, an impressive path to Domain Admin is laid out, emphasizing the importance of enumeration and awareness of misconfigurations in AD environments.…
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
A new tactic shift by the Chinese espionage group Silk Typhoon has been identified, showcasing their increasing exploitation of common IT solutions to gain access. Their operations have affected numerous sectors including IT services, healthcare, government, and education, primarily in the US. Their methods include credential abuse, exploiting zero-day vulnerabilities, and lateral movement.…
US Charges Chinese Hackers Linked to Critical Infrastructure Breaches – PRSOL:CC
Summary: The US Justice Department has charged Chinese state security officers, along with hackers from APT27 and i-Soon, for conducting extensive cyberattacks and network breaches affecting various global victims since 2011. The charges include allegations of hacking US federal agencies, foreign ministries, and private entities, with substantial monetary rewards offered for information leading to the arrest of the accused.…
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Summary: Microsoft has revealed a concerning shift in tactics by the Chinese espionage group Silk Typhoon, which is now focusing on the global IT supply chain instead of high-profile cloud services. The group is employing stolen API keys and compromised credentials to infiltrate IT services and managed service providers, allowing them to conduct reconnaissance and data exfiltration.…
Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
Summary: Dark Caracal has been linked to a campaign deploying Poco RAT, a remote access trojan targeting Spanish-speaking sectors in Latin America, particularly in 2024. The malware possesses advanced espionage capabilities, facilitating extensive data collection and intrusion efforts across various industries. This campaign marks a continuation of Dark Caracal’s focus on cyber espionage in the region, utilizing sophisticated phishing techniques to deliver the trojan.…
Defending against USB drive attacks with Wazuh
Summary: USB drive attacks represent a critical cybersecurity threat, utilizing everyday USB devices to spread malware and compromise network defenses, shown by incidents like the Stuxnet worm. These threats can lead to data breaches, financial losses, and damaged reputations for organizations. Solutions like Wazuh provide essential monitoring capabilities to detect and respond to such attacks across various operating systems.…
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Summary: The Silk Typhoon hacking group has adapted its tactics to exploit the IT supply chain, targeting remote management tools and cloud applications to gain access to corporate networks. Microsoft Threat Intelligence highlighted their method of using stolen API keys for reconnaissance and data collection, indicating a shift toward more sophisticated exploitation techniques.…
SLOW#TEMPEST: Explaining the TTPs of the Cyber Espionage Campaign
SLOW#TEMPEST is a covert cyber espionage group that emerged in 2024, known for its stealthy infiltration tactics using sophisticated phishing and malware techniques. Its operations primarily target organizations in Chinese-speaking regions, employing methods like DLL hijacking and credential harvesting. This article analyzes the group's tactics, providing insights into its operational methods and corresponding defense strategies.…
Getting the Most Value Out of the OSCP: The PEN-200 Course
This article highlights essential strategies for maximizing the experience of the PEN-200 course, focusing on the importance of building proficiency with tools, understanding the real-world implications of techniques, and leveraging industry connections. By diversifying skills in note-taking and tool usage, aspiring ethical hackers can enhance their career prospects and avoid common pitfalls in penetration testing.…
One in Four Cyberattacks in 2024 Traced to Infostealers, Huntress Reports
The “2025 Cyber Threat Report” by Huntress confirms that infostealers like Vidar and Raccoon are responsible for 24% of all cyber incidents in 2024, emphasizing their critical role in modern cyber threats. This epidemic affects various sectors including healthcare, education, government, technology, and military, where they’ve caused significant breaches.…
New Multi-Vector Squidoor Malware Exploits Outlook API, DNS, and ICMP Tunneling for C2 Communication
Summary: A newly identified malware known as “Squidoor” poses a significant threat to various sectors in Southeast Asia and South America, attributed to a suspected Chinese threat actor. This malware utilizes advanced techniques to infiltrate networks, maintain persistence, and exfiltrate sensitive data, making it a sophisticated tool for cyber espionage.…
RST TI Report Digest: 03 Mar 2025
This week’s threat intelligence report from RST Cloud analyzes various cybersecurity threats targeting different sectors and establishments. Noteworthy attacks include FatalRAT impacting industrial organizations in the Asia-Pacific region, with an advanced delivery mechanism utilizing DLL sideloading. The Silent Killers report discusses a large-scale exploitation of legacy drivers, while other reports cover threats like Koi Stealer, AMOS Stealer, and attackers affiliated with the Hellcat and Silver Fox groups targeting governmental and healthcare sectors, respectively.…
Summary: A newly identified stealthy backdoor called Squidoor targets high-profile organizations in Southeast Asia and South America, linked to a suspected Chinese threat actor. The malware is highly modular, designed for both Windows and Linux, and uses advanced methods, including Outlook API tunneling, to maintain persistent access and exfiltrate sensitive information.…