Summary: The European Central Bank (ECB) conducted its first cyber stress test for the banking sector, revealing that while banks are generally well-prepared for cyberattacks, there are significant gaps in their recovery capabilities. The test highlighted the need for improvements to ensure customer data protection and maintain confidence in the banking system.…
Tag: RUSSIA
In May 2020, Bitdefender released a white paper containing a detailed analysis of Mandrake, a sophisticated Android cyber-espionage platform, which had been active in the wild for at least four years.
In April 2024, we discovered a suspicious sample that appeared to be a new version of Mandrake.…
Summary: Russian-speaking threat actors dominate the cryptocurrency-related cybercrime landscape, accounting for over 69% of ransomware proceeds, with significant involvement in illicit activities such as money laundering and darknet market operations. North Korea leads in cryptocurrency theft, but Russian actors are prevalent in various forms of crypto-enabled crime, particularly ransomware.…
The Eldorado ransomware group, which reportedly emerged in March, operates a new Ransomware-as-a-Service (RaaS) platform featuring locker variants specifically designed for VMware ESXi and Windows systems. However, this group, which is thought to be of Russian origin, might have older ties.
This post delves into the origins, tactics, and impact of Eldorado, providing a comprehensive overview of this notorious cybercriminal organization.…
Summary: A Belarusian state-sponsored hacker group, GhostWriter, has targeted Ukrainian organizations and government agencies using PicassoLoader malware, with a focus on local governance reform projects. The group is known for its cyber espionage activities and has previously attacked various Ukrainian entities and their allies.
Threat Actor: GhostWriter | Victim: Ukrainian organizations
Key Point:
GhostWriter used PicassoLoader and Cobalt Strike Beacon to infect Ukrainian victims.…
Summary: Spanish authorities have arrested three individuals linked to cyber-attacks by the pro-Russian hacktivist group NoName057(16), which targeted government institutions and strategic sectors in Spain and NATO countries. These attacks were part of a broader campaign against nations supporting Ukraine amid ongoing Russian aggression.
Threat Actor: NoName057(16)
Key Point:
Three suspects were arrested for cybercrimes with terrorist intentions, following a series of DDoS attacks.…
Published On: 2024-07-26
EXECUTIVE SUMMARY
A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users.
The CYFIRMA Research team is continuously monitoring the ongoing situation and has carried out an analysis of the tactics, techniques & procedures (TTPs) on deployed malware and malicious campaigns of the threat actors.…
Summary: Several major Russian banks experienced distributed denial-of-service (DDoS) attacks that disrupted their online services, with Ukraine’s military intelligence claiming responsibility for the campaign. The attacks affected multiple banks and telecom operators, although the extent of the disruption varied among the victims.
Threat Actor: Ukraine’s military intelligence (HUR) | Victim: Russian banks
Key Point:
Several large Russian banks, including VTB and Gazprombank, reported DDoS attacks that affected their mobile apps and websites.…
Summary: A record-breaking DDoS attack targeting a financial institution in the UAE lasted over six days, attributed to the pro-Palestinian hacktivist group BlackMeta. The attack averaged 4.5 million requests per second, showcasing a significant escalation in the tactics used by hacktivist groups.
Threat Actor: BlackMeta | Victim: Financial institution in UAE
Key Point:
The attack lasted over 100 hours, with multiple waves of requests targeting the financial institution’s website.…
Summary: The European Union is facing a significant increase in brute-force cyberattacks on corporate and institutional networks, primarily attributed to Russian threat actors exploiting Microsoft infrastructure to evade detection. This ongoing campaign, which has been active since at least May 2024, targets high-value assets across major cities in Europe, underscoring the urgent need for enhanced cybersecurity measures.…
Summary: A report by the Royal United Services Institute (RUSI) reveals that Russia’s cyber operations in Ukraine have shifted focus from civilian infrastructure to tactical military objectives, targeting frontline military communications and devices. This change reflects an adaptation of Russia’s cybersecurity strategy to the prolonged nature of the conflict, emphasizing the importance of signals intelligence for battlefield advantages.…
Summary: Spanish police have arrested three suspected members of the pro-Russian hacker group NoName057(16), known for executing DDoS attacks against Ukraine’s allies. The arrests are part of an ongoing investigation into the group’s activities, which have targeted public institutions and strategic sectors in Spain and other NATO countries.…
In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game.…
This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France.…
Summary: Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty for their involvement in the LockBit ransomware operation, which has targeted over 2,500 victims globally since 2020. The operation has caused significant financial damage, extracting approximately $500 million in ransom payments and leading to billions in broader losses.…
Summary: The U.S. has sanctioned two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their involvement in cyber operations targeting U.S. critical infrastructure. The group’s leader and primary hacker are linked to various attacks, including the manipulation of industrial control systems.…
Published On: 2024-07-21
EXECUTIVE SUMMARY
A recent update from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers due to a faulty update to the Falcon Sensor agent. Millions of Windows-based systems across the globe experienced the dreaded Blue Screen of Death (BSOD), causing total system crashes.…
Summary:
Insikt Group's recent analysis reveals that North Koreans continue to use foreign technology to access the internet despite heavy sanctions. This includes Apple, Samsung, and Huawei devices, as well as various social media platforms. A notable finding is the increased use of obfuscation services like VPNs and proxies to circumvent censorship and surveillance.…
Published On: 2024-07-19
EXECUTIVE SUMMARY
In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.
Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…