Summary: The European Central Bank (ECB) conducted its first cyber stress test for the banking sector, revealing that while banks are generally well-prepared for cyberattacks, there are significant gaps in their recovery capabilities. The test highlighted the need for improvements to ensure customer data protection and maintain confidence in the banking system.…


Summary: Russian-speaking threat actors dominate the cryptocurrency-related cybercrime landscape, accounting for over 69% of ransomware proceeds, with significant involvement in illicit activities such as money laundering and darknet market operations. North Korea leads in cryptocurrency theft, but Russian actors are prevalent in various forms of crypto-enabled crime, particularly ransomware.…


The Eldorado ransomware group, which reportedly emerged in March, operates a new Ransomware-as-a-Service (RaaS) platform featuring locker variants specifically designed for VMware ESXi and Windows systems. However, this group, which is thought to be of Russian origin, might have older ties.

This post delves into the origins, tactics, and impact of Eldorado, providing a comprehensive overview of this notorious cybercriminal organization.…


Summary: A Belarusian state-sponsored hacker group, GhostWriter, has targeted Ukrainian organizations and government agencies using PicassoLoader malware, with a focus on local governance reform projects. The group is known for its cyber espionage activities and has previously attacked various Ukrainian entities and their allies.

Threat Actor: GhostWriter
Victim: Ukrainian organizations

Key Point:

GhostWriter used PicassoLoader and Cobalt Strike Beacon to infect Ukrainian victims.…

Summary: Spanish authorities have arrested three individuals linked to cyber-attacks by the pro-Russian hacktivist group NoName057(16), which targeted government institutions and strategic sectors in Spain and NATO countries. These attacks were part of a broader campaign against nations supporting Ukraine amid ongoing Russian aggression.

Threat Actor: NoName057(16)

Key Point:

Three suspects were arrested for cybercrimes with terrorist intentions, following a series of DDoS attacks.…

Published On: 2024-07-26

EXECUTIVE SUMMARY

A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users.

The CYFIRMA Research team is continuously monitoring the situation and has analyzed the tactics, techniques, and procedures (TTPs) behind the deployed malware and the threat actors' malicious campaigns.…


Summary: Several major Russian banks experienced distributed denial-of-service (DDoS) attacks that disrupted their online services, with Ukraine’s military intelligence claiming responsibility for the campaign. The attacks affected multiple banks and telecom operators, although the extent of the disruption varied among the victims.

Threat Actor: Ukraine’s military intelligence (HUR)
Victim: Russian banks

Key Point:

Several large Russian banks, including VTB and Gazprombank, reported DDoS attacks that affected their mobile apps and websites.…

Summary: A record-breaking DDoS attack targeting a financial institution in the UAE lasted over six days, attributed to the pro-Palestinian hacktivist group BlackMeta. The attack averaged 4.5 million requests per second, showcasing a significant escalation in the tactics used by hacktivist groups.

Threat Actor: BlackMeta
Victim: Financial institution in UAE

Key Point:

The attack lasted over 100 hours, with multiple waves of requests targeting the financial institution’s website.…

Summary: The European Union is facing a significant increase in brute-force cyberattacks on corporate and institutional networks, primarily attributed to Russian threat actors exploiting Microsoft infrastructure to evade detection. This ongoing campaign, which has been active since at least May 2024, targets high-value assets across major cities in Europe, underscoring the urgent need for enhanced cybersecurity measures.…


Summary: A report by the Royal United Services Institute (RUSI) reveals that Russia’s cyber operations in Ukraine have shifted focus from civilian infrastructure to tactical military objectives, targeting frontline military communications and devices. This change reflects an adaptation of Russia’s cybersecurity strategy to the prolonged nature of the conflict, emphasizing the importance of signals intelligence for battlefield advantages.…


In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game.…


Summary: Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty for their involvement in the LockBit ransomware operation, which has targeted over 2,500 victims globally since 2020. The operation has caused significant financial damage, extracting approximately $500 million in ransom payments and leading to billions in broader losses.…


Published On: 2024-07-19

EXECUTIVE SUMMARY

In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.

Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…
