Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
NJRAT – Active IOCsJune 24, 2024CVE-2024-38319 – IBM Security SOAR VulnerabilityJune 24, 2024
Analysis SummaryThe French information security agency ANSSI reported that Russia-linked APT group APT29, also known as Nobelium, Cozy Bear, and other aliases, has been targeting French diplomatic entities. Despite grouping these attacks under Nobelium, ANSSI differentiates between threat clusters, including one named Dark Halo responsible for the 2020 SolarWinds attack.…
Summary: The U.S. Department of Commerce has issued a ban on Kaspersky Lab’s security software in the country, citing national security risks due to the company’s ties to the Russian government and its offensive cyber capabilities.
Threat Actor: Kaspersky Lab | Kaspersky Lab Victim: United States | United States
Key Point :
The U.S.…Summary: Russian-aligned threat actor Nobelium has been continuously targeting French diplomatic entities and public organizations since 2021, according to the French cybersecurity agency ANSSI.
Threat Actor: Nobelium | Nobelium Victim: French diplomatic entities and public organizations | French diplomatic entities and public organizations
Key Point :
Russian-aligned threat actor Nobelium has been targeting French diplomatic entities and public organizations since 2021.…Summary: Russian hackers are suspected to be behind the disruption of an online broadcast of the Euro 2024 soccer tournament in Poland.
Threat Actor: Russian hackers | Russian hackers Victim: TVP (Polish public television network) | TVP
Key Point:
Russian hackers attacked the website of TVP, which was broadcasting the Polish national team’s opening match against the Netherlands in the Euro 2024 soccer tournament.…Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or sophisticated methods. SpaceBears is a new participant in the Data Broker trend, which has gained momentum particularly due to major crackdowns on ransomware groups by security forces.…
Summary: Ukraine has signed a security agreement with the U.S. to enhance its defense against Russian invaders, including in cyberspace.
Threat Actor: Russian invaders | Russian invaders Victim: Ukraine | Ukraine
Key Point :
Ukraine has signed a long-anticipated security agreement with the U.S. to strengthen its defenses against Russian invaders, including in cyberspace.…Summary: This content discusses the increase in cyber threat activities driven by major regional and global events, such as elections and military exercises.
Threat Actor: China-linked threat groups | China-linked threat groups Victim: Global government sector | global government sector
Key Point :
China-linked threat groups, like Volt Typhoon, are responsible for 68.3% of all advanced persistent threat (APT) activities, with 23% of their activity targeting the global government sector.…Summary: The Security Service of Ukraine (SSU) has dismantled the infrastructure used by pro-Russia Ukraine residents to break into soldiers’ devices and deploy spyware. The infrastructure included bot farms and thousands of mobile numbers and Telegram accounts.
Threat Actor: Russian intelligence services | Russian intelligence services Victim: Ukrainian armed forces | Ukrainian armed forces
Key Point :
The Security Service of Ukraine (SSU) dismantled the infrastructure used by pro-Russia Ukraine residents to target Ukrainian soldiers.…Summary: This article discusses the increasing cyber threats faced by Brazil due to its growing profile on the world stage.
Threat Actor: Cyber Spies, Extortionists, Domestic Crooks | Cyber Spies, Extortionists, Domestic Crooks Victim: Brazil | Brazil
Key Point :
Brazil’s growing profile on the world stage makes it an attractive target for cyber threats.…FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.…
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special attention and investigation.
Qilin has been covered already by experts from Trend Micro, Secureworks, Group-IB, SentinelOne, SOCRadar, BleepingComputer, and MalwareHunterTeam.…
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society.…
Summary: A Chinese espionage campaign targeting Fortinet edge devices has resulted in the compromise of at least 20,000 systems worldwide, including governments, international organizations, and defense industry companies.
Threat Actor: Chinese spies | Chinese spies Victim: Dutch defense networks, Western governments, international organizations, defense industry companies | Dutch defense networks
Key Point :
A Chinese espionage campaign targeted Fortinet edge devices and exploited a zero-day vulnerability to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks.…Summary: Hacktivists are conducting DDoS attacks on European political parties that oppose their interests during the European Parliament elections.
Threat Actor: Hacktivists | Hacktivists Victim: European political parties | European political parties
Key Point :
Hacktivists are targeting European political parties that represent and promote strategies opposing their interests.…Summary: The content discusses the seizure of 70 domains connected to a pig butchering scam that targeted members of the Russian diaspora through fraudulent cryptocurrency investments.
Threat Actor: Unknown | Unknown Victim: Members of the Russian diaspora | Members of the Russian diaspora
Key Point :
The Brooklyn District Attorney’s office seized 70 domains involved in a cryptocurrency scam that targeted the Russian-speaking community.…Summary: A Russian hacktivist crew threatens to attack European internet infrastructure in retaliation for European Parliament-issued sanctions and opposition to the invasion of Ukraine.
Threat Actor: NoName57(16) | NoName57(16) Victim: European Union (EU) | European Union
Key Point :
A Russian hacktivist crew, NoName57(16), along with seven other groups, threatens to launch cyber attacks on European internet infrastructure.…Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is considering an overhaul of its Joint Cyber Defense Collaborative (JCDC) due to criticism and challenges in its current form.
Threat Actor: N/A Victim: N/A
Key Point :
The JCDC, established in 2021, aims to develop best practices in cybersecurity across industries and improve collaboration between the public and private sectors.…Summary: The content discusses a new hacking campaign called “SickSync” launched by the UAC-0020 (Vermin) hacking group, targeting the Ukrainian defense forces and using the legitimate file-syncing software SyncThing in combination with malware called SPECTR.
Threat Actor: UAC-0020 (Vermin) hacking group | UAC-0020 (Vermin) Victim: Ukrainian defense forces | Ukrainian defense forces
Key Point :
The UAC-0020 (Vermin) hacking group, linked to the Luhansk People’s Republic (LPR) region occupied by Russia, has launched a new hacking campaign called “SickSync” targeting the Ukrainian defense forces.…Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.
WhoisXML API threat researcher Dancho Danchev recently uncovered a list of the user information for a popular DDoS booter service, which our research team used to create a profile and expand to identify related artifacts.…