Summary: This article discusses the resurgence of the Russia-based cybercrime group Fin7, which was previously declared dead by U.S. authorities, and their collaboration with Stark Industries Solutions in launching cyberattacks against various organizations.

Threat Actor: Fin7 | Victim: Various media and technology companies

Key Point:

The Russia-based cybercrime group Fin7, known for phishing and malware attacks, has resurfaced and is setting up thousands of websites mimicking media and technology companies.…

Summary: The content discusses the identification of the developer behind a malicious remote access tool used to target Russian organizations.

Threat Actor: Mr. Burns | Victim: Russian organizations

Key Point:

The developer of a malicious remote access tool, known as BurnsRAT, used to target Russian organizations has been identified as a 38-year-old Ukrainian national named Andriy R.…

Summary: A large-scale fraud campaign with over 700 domain names is targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris, offering fake tickets to the Olympic Games and other major sports and music events.

Threat Actor: Ticket Heist | Victim: Russian-speaking users

Key Point:

A large-scale fraud campaign with over 700 domain names is targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris.…

1. Introduction

Attackers have increasingly started using Telegram as a control server (C2). One example is the Lazy Koala group, which we recently discovered and set out to study. While researching bots on Telegram, we found that many are from Indonesia. We were struck by the huge numbers of messages and victims, and how new bots and chats seem to appear on Telegram by the day, so we decided to get to the bottom of this “Indonesian tsunami.”…


Summary: This article discusses the use of artificial intelligence and machine learning in cyberwarfare and fraud management, specifically focusing on a software that generates social media bots.

Threat Actor: Meliorator Software | Victim: Social media platforms and users

Key Point:

Meliorator Software is a tool that generates social media bots, which can be used for various purposes including spreading disinformation and manipulating public opinion.…

Written by: John Hultquist


As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable.…


Summary: France’s cybersecurity agency warns of hacking group linked to Russia’s Foreign Intelligence Service (SVR) targeting French diplomatic entities.

Threat Actor: Russia’s Foreign Intelligence Service (SVR) | Victim: French diplomatic entities

Key Point:

A hacking group linked to Russia’s SVR, known as Midnight Blizzard or APT29, has launched targeted cyber attacks against French diplomatic entities.…

Summary: Operation Morpheus is an international law enforcement operation aimed at combatting the criminal abuse of the Cobalt Strike red teaming tool.

Threat Actor: Various threat actors, including APT29, FIN7, RYUK, Trickbot, and Conti, have used the Cobalt Strike platform.

Victim: No specific victim mentioned.

Key Point:

Operation Morpheus is led by the UK National Crime Agency and includes law enforcement authorities from Australia, Canada, Germany, the Netherlands, Poland, and the United States.…

Sandworm is a highly sophisticated Russian adversary, active since at least 2009, that has been attributed to Russia’s Main Intelligence Directorate (GRU) for Special Technologies (GTsST) military Unit 74455.

Sandworm is characterized by the use of malware families specifically designed to compromise Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems found in entities located in the Energy, Government, and Media sectors.…


Summary: TeamViewer, a software company, experienced a breach in its internal corporate IT environment, resulting in the theft of encrypted passwords. The attack has been attributed to a Kremlin-backed group known as APT29.

Threat Actor: APT29 | Victim: TeamViewer

Key Point:

A compromised employee account enabled hackers from APT29 to breach TeamViewer’s internal corporate IT environment and steal encrypted passwords.…

Summary: Polish prosecutors are investigating a suspected Russian cyberattack on the country’s state news agency, with the likely goal being disinformation aimed at causing disturbances in Poland’s system or economy.

Threat Actor: Russian | Victim: Polish Press Agency (PAP)

Key Point:

Polish prosecutors are investigating a suspected Russian cyberattack on the Polish Press Agency (PAP), with the likely goal being disinformation aimed at causing disturbances in Poland’s system or economy.…

On May 20, 2024, while everyone was happily celebrating the holiday, the tireless XLab CTIA (Cyber Threat Insight Analysis) system captured a suspicious ELF file at around 2 PM, located at /usr/bin/geomi. This file was packed with a modified UPX, had a magic number of 0x30219101, and was uploaded from Russia to VirusTotal, where it was not detected as malicious by any antivirus engine.…


On June 17, 2024, we discovered an ELF sample written in C with a detection rate of 0 on VT. This sample was packed with a modified UPX packer. After unpacking, another ELF file packed with the modified UPX was obtained, this one written in CGO mode. After analysis, it was found that this is a new tool from the “8220” mining gang, which is used to install other malware, mainly the Tsunami DDoS botnet and the PwnRig mining program.…
