Summary: A report by the Royal United Services Institute (RUSI) reveals that Russia’s cyber operations in Ukraine have shifted focus from civilian infrastructure to tactical military objectives, targeting frontline military communications and devices. This change reflects an adaptation of Russia’s cybersecurity strategy to the prolonged nature of the conflict, emphasizing the importance of signals intelligence for battlefield advantages.…
Tag: RUSSIA
Summary: Spanish police have arrested three suspected members of the pro-Russian hacker group NoName057(16), known for executing DDoS attacks against Ukraine’s allies. The arrests are part of an ongoing investigation into the group’s activities, which have targeted public institutions and strategic sectors in Spain and other NATO countries.…
In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game.…
This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France.…
Summary: Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty for their involvement in the LockBit ransomware operation, which has targeted over 2,500 victims globally since 2020. The operation has caused significant financial damage, extracting approximately $500 million in ransom payments and leading to billions in broader losses.…
Summary: The U.S. has sanctioned two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their involvement in cyber operations targeting U.S. critical infrastructure. The group’s leader and primary hacker are linked to various attacks, including the manipulation of industrial control systems.…
Published On : 2024-07-21
EXECUTIVE SUMMARY
A recent update from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers due to a faulty update to the Falcon Sensor agent. Millions of Windows-based systems across the globe experienced the dreaded Blue Screen of Death (BSOD), causing total system crashes.…
Summary:
Insikt Group's recent analysis reveals that North Koreans continue to use foreign technology to access the internet despite heavy sanctions. This includes Apple, Samsung, and Huawei devices, as well as various social media platforms. A notable finding is the increased use of obfuscation services like VPNs and proxies to circumvent censorship and surveillance.…
Published On : 2024-07-19
EXECUTIVE SUMMARY
In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.
Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…
Summary: A notorious cybercriminal group known as FIN7 is selling a custom security evasion tool called AvNeutralizer on darknet forums, which is used by criminal hackers to bypass threat detection systems on victims’ devices.
Threat Actor: FIN7 | FIN7
Victim: Various victims targeted by FIN7
Key Point:
A cybercriminal group known as FIN7 is selling a security evasion tool called AvNeutralizer on darknet forums.…
Summary: This content discusses the increase in geopolitical DDoS attacks against Romania, involving multiple hacktivist groups, coinciding with Romania’s potential transfer of Patriot missiles to Ukraine.
Threat Actor: CyberDragon, Cyber Army of Russia, and other hacktivist groups.
Victim: Romanian websites and government entities.
Key Points:
Security researchers have observed an increase in geopolitical DDoS attacks against Romania.…
Summary: Kaspersky, a security vendor, has decided to wind down its business operations in the US due to the Commerce Department’s decision to prevent it from selling products and services in the country.
Threat Actor: Kaspersky | Kaspersky
Victim: US | US
Key Point:
Kaspersky is winding down its US operations and eliminating US-based positions due to the Commerce Department’s decision.…
Date Reported: 2024-07-09
Country: USA
Victim: Clay County | claycountyin.gov
Additional Information:
Clay County in Indiana fell victim to a ransomware attack on July 9, 2024. The attack resulted in the closure of the county courthouse, county offices, and the health department. The cybercriminals behind the attack are believed to be linked to Russia.…
Summary: NATO has announced plans to establish a new cyber-defense facility, the NATO Integrated Cyber Defence Centre (NICC), to enhance situational awareness and collective cyber-resilience among member states.
Threat Actor: N/A
Victim: N/A
Key Point:
The NICC will be based at the Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium and will consist of civilian and military experts from member states.…
On June 23, 2024, Cyble Research & Intelligence Labs (CRIL) researchers noted that a Russian hacktivist group with a wide audience called “People’s Cyber Army” (aka Народная Cyber Армия) and their allies HackNeT announced DDoS attacks on multiple French websites ahead of the Olympics.…
Summary: This content discusses the threat actor FIN7, a Russian-linked financial cybercrime group that targets US industries, and their use of various tactics such as spearphishing and ransomware.
Threat Actor: FIN7 | FIN7
Victim: US industries | US industries
Key Point:
Russian-linked FIN7 is a financial cybercrime group that has been active since 2013 and specifically targets US industries.…
Summary: This article discusses the Ukrainian hacker Vyacheslav Penchukov, who was on the FBI’s ‘Most Wanted’ list for a decade.
Threat Actor: Ukrainian Hacker Vyacheslav Penchukov | Vyacheslav Penchukov
Victim: N/A
Key Point:
Vyacheslav Penchukov was a Ukrainian hacker who was on the FBI’s ‘Most Wanted’ list for ten years.…
July 10, 2024
tldr: Threat actors today are evolving new tactics in order to evade traditional AV detections. Let’s dive into a technique growing in popularity: fileless code execution through the Windows registry.…
Summary: This article discusses the resurgence of the Russia-based cybercrime group Fin7, which was previously declared dead by U.S. authorities, and their collaboration with Stark Industries Solutions in launching cyberattacks against various organizations.
Threat Actor: Fin7 | Fin7
Victim: Various media and technology companies
Key Point:
The Russia-based cybercrime group Fin7, known for phishing and malware attacks, has resurfaced and is setting up thousands of websites mimicking media and technology companies.…