
Short Summary

This article discusses the rise of ransomware groups that build their operations on leaked ransomware variants. It profiles three such groups, SEXi, Key Group, and Mallox, detailing their methods, operational characteristics, and what their activities imply for the broader ransomware landscape.

Key Points:

Ransomware Acquisition: Cybercriminals often obtain ransomware through dark-web markets, affiliate programs, or leaked variants.…
Read More

Summary: The Senate Armed Services Committee has advanced Michael Sulmeyer’s nomination to be the Pentagon’s first assistant secretary of defense for cyber policy, a post intended to sharpen the Defense Department’s focus on cybersecurity. Sulmeyer emphasized building combat power and improving retention within U.S. Cyber Command amid rising cyber threats from adversaries such as China and Russia.…

Read More

Summary: This blog post details an Android SMS stealer campaign that has been active since February 2022, describing how the attackers harvest one-time passwords (OTPs) and other sensitive data from victims’ devices. Researchers at Zimperium’s zLabs have identified more than 107,000 malware samples tied to the campaign, illustrating its scale and its evolution over time.…

Read More

Summary: Microsoft’s Azure portal and several Microsoft 365 services were disrupted for roughly eight hours by a DDoS attack; Microsoft said an error in the implementation of its DDoS defenses amplified the impact rather than mitigating it. The company is conducting a review of the incident to improve its future response.

Threat Actor: Anonymous Sudan (pro-Russia hacktivists) | Victim: Microsoft

Key Point:

A DDoS attack led to significant service disruptions for Microsoft, affecting Azure and Microsoft 365.…
Read More

Short Summary:

APT40, a Chinese cyber-espionage group linked to the Ministry of State Security, has been active since 2009, targeting various sectors such as maritime, defense, and technology. The group employs a range of tactics, techniques, and procedures (TTPs) to infiltrate networks, maintain persistence, and exfiltrate sensitive data, aligning its activities with China’s strategic objectives.…

Read More

Summary: The European Central Bank (ECB) conducted its first cyber stress test for the banking sector, revealing that while banks are generally well-prepared for cyberattacks, there are significant gaps in their recovery capabilities. The test highlighted the need for improvements to ensure customer data protection and maintain confidence in the banking system.…

Read More

Summary: Russian-speaking threat actors dominate the cryptocurrency-related cybercrime landscape, accounting for over 69% of ransomware proceeds, with significant involvement in illicit activities such as money laundering and darknet market operations. North Korea leads in cryptocurrency theft, but Russian actors are prevalent in various forms of crypto-enabled crime, particularly ransomware.…

Read More

The Eldorado ransomware group, which reportedly emerged in March 2024, operates a new Ransomware-as-a-Service (RaaS) platform with locker variants built specifically for VMware ESXi and Windows systems. Although the group appears to be of Russian origin, researchers suspect it may be connected to earlier ransomware operations.

This post examines Eldorado’s origins, tactics, and impact, giving a comprehensive overview of the group.…

Read More

Summary: GhostWriter, a Belarusian state-sponsored hacking group, has targeted Ukrainian organizations and government agencies with PicassoLoader malware, using lures related to local governance reform projects. The group is known for cyber espionage and has previously attacked a range of Ukrainian entities and their allies.

Threat Actor: GhostWriter | Victim: Ukrainian organizations and government agencies

Key Point:

GhostWriter used PicassoLoader and Cobalt Strike Beacon to infect Ukrainian victims.…
Read More

Summary: Spanish authorities have arrested three individuals linked to cyber-attacks by the pro-Russian hacktivist group NoName057(16), which targeted government institutions and strategic sectors in Spain and NATO countries. These attacks were part of a broader campaign against nations supporting Ukraine amid ongoing Russian aggression.

Threat Actor: NoName057(16)

Key Point:

Three suspects were arrested on suspicion of computer-damage offences committed with terrorist intent, following a series of DDoS attacks.…
Read More

Published On: 2024-07-26

EXECUTIVE SUMMARY

A faulty CrowdStrike update crashed Windows hosts worldwide with the Blue Screen of Death (BSOD), causing widespread disruption. Cybercriminals quickly exploited the chaos, registering malicious domains and running phishing campaigns to deceive affected users.

The CYFIRMA Research team is continuously monitoring the situation and has analyzed the tactics, techniques and procedures (TTPs), deployed malware, and malicious campaigns of the threat actors involved.…

Read More

Summary: Several major Russian banks experienced distributed denial-of-service (DDoS) attacks that disrupted their online services, with Ukraine’s military intelligence claiming responsibility for the campaign. The attacks affected multiple banks and telecom operators, although the extent of the disruption varied among the victims.

Threat Actor: Ukraine’s military intelligence (HUR) | Victim: Russian banks

Key Point:

Several large Russian banks, including VTB and Gazprombank, reported DDoS attacks that affected their mobile apps and websites.…
Read More

Summary: A record-breaking DDoS attack targeting a financial institution in the UAE lasted over six days, attributed to the pro-Palestinian hacktivist group BlackMeta. The attack averaged 4.5 million requests per second, showcasing a significant escalation in the tactics used by hacktivist groups.

Threat Actor: BlackMeta | Victim: Financial institution in the UAE

Key Point:

Attack waves totaling more than 100 hours over the six-day period targeted the financial institution’s website.…
Read More

Summary: The European Union is facing a significant increase in brute-force attacks on corporate and institutional networks, primarily attributed to Russian threat actors abusing Microsoft infrastructure to blend in and evade detection. The campaign, active since at least May 2024, targets high-value assets across major European cities.…

Read More

Summary: A report by the Royal United Services Institute (RUSI) reveals that Russia’s cyber operations in Ukraine have shifted focus from civilian infrastructure to tactical military objectives, targeting frontline military communications and devices. This change reflects an adaptation of Russia’s cybersecurity strategy to the prolonged nature of the conflict, emphasizing the importance of signals intelligence for battlefield advantages.…

Read More

In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game.…

Read More