Summary: A notorious cybercriminal group known as FIN7 is selling a custom security evasion tool called AvNeutralizer on darknet forums, which is used by criminal hackers to bypass threat detection systems on victims’ devices.

Threat Actor: FIN7

Victim: Various victims targeted by FIN7

Key Point:

A cybercriminal group known as FIN7 is selling a security evasion tool called AvNeutralizer on darknet forums.…
Read More

Summary: This content discusses the increase in geopolitical DDoS attacks against Romania, involving multiple hacktivist groups, coinciding with Romania’s potential transfer of Patriot missiles to Ukraine.

Threat Actor: CyberDragon, Cyber Army of Russia, and other hacktivist groups.

Victim: Romanian websites and government entities.

Key Points:

Security researchers have observed an increase in geopolitical DDoS attacks against Romania.…
Read More

Summary: Kaspersky, a security vendor, has decided to wind down its business operations in the US due to the Commerce Department’s decision to prevent it from selling products and services in the country.

Threat Actor: Kaspersky

Victim: US

Key Point:

Kaspersky is winding down its US operations and eliminating US-based positions due to the Commerce Department’s decision.…
Read More

Date Reported: 2024-07-09

Country: USA

Victim: Clay County | claycountyin.gov

Additional Information:

The Clay County in Indiana fell victim to a ransomware attack on July 9, 2024. The attack resulted in the closure of the county courthouse, county offices, and the health department. The cybercriminals behind the attack are believed to be linked to Russia.…
Read More
Executive Summary

New evidence shows FIN7 is using multiple pseudonyms to mask the group’s true identity and sustain its criminal operations in the underground market.

FIN7’s campaigns demonstrate the group’s adoption of automated SQL injection attacks for exploiting public-facing applications.

AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple ransomware groups.

SentinelLabs has discovered a new version of AvNeutralizer that utilizes a technique previously unseen in the wild to tamper with security solutions, leveraging the Windows built-in driver ProcLaunchMon.sys…
Read More

Summary: NATO has announced plans to establish a new cyber-defense facility, the NATO Integrated Cyber Defence Centre (NICC), to enhance situational awareness and collective cyber-resilience among member states.

Threat Actor: N/A

Victim: N/A

Key Point:

The NICC will be based at the Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium and will consist of civilian and military experts from member states.…
Read More
Executive Summary

On June 23, 2024, Cyble Research & Intelligence Labs (CRIL) researchers noted that a Russian hacktivist group with a wide audience called “People’s Cyber Army” (aka Народная Cyber Армия) and their allies HackNeT announced DDoS attacks on multiple French websites ahead of the Olympics.…

Read More

Summary: This content discusses the threat actor FIN7, a Russian-linked financial cybercrime group that targets US industries, and their use of various tactics such as spearphishing and ransomware.

Threat Actor: FIN7

Victim: US industries

Key Point:

Russian-linked FIN7 is a financial cybercrime group that has been active since 2013 and specifically targets US industries.…
Read More

Summary: This article discusses the resurgence of the Russia-based cybercrime group Fin7, which was previously declared dead by U.S. authorities, and their collaboration with Stark Industries Solutions in launching cyberattacks against various organizations.

Threat Actor: Fin7

Victim: Various media and technology companies

Key Point:

The Russia-based cybercrime group Fin7, known for phishing and malware attacks, has resurfaced and is setting up thousands of websites mimicking media and technology companies.…
Read More

Summary: The content discusses the identification of the developer behind a malicious remote access tool used to target Russian organizations.

Threat Actor: Mr. Burns

Victim: Russian organizations

Key Point:

The developer of a malicious remote access tool, known as BurnsRAT, used to target Russian organizations has been identified as a 38-year-old Ukrainian national named Andriy R.…
Read More

Summary: A large-scale fraud campaign with over 700 domain names is targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris, offering fake tickets to the Olympic Games and other major sports and music events.

Threat Actor: Ticket Heist

Victim: Russian-speaking users

Key Point:

A large-scale fraud campaign with over 700 domain names is targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris.…
Read More
1. Introduction

Attackers have increasingly started using Telegram as a control server (C2). One example is the Lazy Koala group, which we recently discovered and set out to study. While researching bots on Telegram, we found that many are from Indonesia. We were struck by the huge numbers of messages and victims, and how new bots and chats seem to appear on Telegram by the day, so we decided to get to the bottom of this “Indonesian tsunami.”…

Read More

Summary: This article discusses the use of artificial intelligence and machine learning in cyberwarfare and fraud management, specifically focusing on a software that generates social media bots.

Threat Actor: Meliorator Software

Victim: Social media platforms and users

Key Point:

Meliorator Software is a tool that generates social media bots, which can be used for various purposes including spreading disinformation and manipulating public opinion.…
Read More

Written by: John Hultquist
As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable.…

Read More

Summary: France’s cybersecurity agency warns of hacking group linked to Russia’s Foreign Intelligence Service (SVR) targeting French diplomatic entities.

Threat Actor: Russia’s Foreign Intelligence Service (SVR)

Victim: French diplomatic entities

Key Point:

A hacking group linked to Russia’s SVR, known as Midnight Blizzard or APT29, has launched targeted cyber attacks against French diplomatic entities.…
Read More