This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special attention and investigation.

Qilin has been covered already by experts from Trend Micro, Secureworks, Group-IB, SentinelOne, SOCRadar, BleepingComputer, and MalwareHunterTeam.…


Summary: A Chinese espionage campaign targeting Fortinet edge devices has resulted in the compromise of at least 20,000 systems worldwide, including governments, international organizations, and defense industry companies.

Threat Actor: Chinese spies. Victim: Dutch defense networks, Western governments, international organizations, defense industry companies.

Key Point:

A Chinese espionage campaign targeted Fortinet edge devices and exploited a zero-day vulnerability to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks.…

Summary: Hacktivists are conducting DDoS attacks on European political parties that oppose their interests during the European Parliament elections.

Threat Actor: Hacktivists. Victim: European political parties.

Key Point:

Hacktivists are targeting European political parties that represent and promote strategies opposing their interests.…

Summary: The content discusses the seizure of 70 domains connected to a pig butchering scam that targeted members of the Russian diaspora through fraudulent cryptocurrency investments.

Threat Actor: Unknown. Victim: Members of the Russian diaspora.

Key Point:

The Brooklyn District Attorney’s office seized 70 domains involved in a cryptocurrency scam that targeted the Russian-speaking community.…

Summary: A Russian hacktivist crew threatens to attack European internet infrastructure in retaliation for European Parliament-issued sanctions and opposition to the invasion of Ukraine.

Threat Actor: NoName057(16). Victim: European Union (EU).

Key Point:

A Russian hacktivist crew, NoName057(16), along with seven other groups, threatens to launch cyber attacks on European internet infrastructure.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is considering an overhaul of its Joint Cyber Defense Collaborative (JCDC) due to criticism and challenges in its current form.

Threat Actor: N/A. Victim: N/A.

Key Point:

The JCDC, established in 2021, aims to develop best practices in cybersecurity across industries and improve collaboration between the public and private sectors.…
In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install ScreenConnect on multiple systems, enabling them to execute various commands and deploy Cobalt Strike beacons. Their toolkit also included CSharp Streamer, a RAT written in CSharp with numerous functionalities, as documented here.…

Summary: The content discusses a new hacking campaign called “SickSync” launched by the UAC-0020 (Vermin) hacking group, targeting the Ukrainian defense forces and using the legitimate file-syncing software SyncThing in combination with malware called SPECTR.

Threat Actor: UAC-0020 (Vermin) hacking group. Victim: Ukrainian defense forces.

Key Point:

The UAC-0020 (Vermin) hacking group, linked to the Luhansk People’s Republic (LPR) region occupied by Russia, has launched a new hacking campaign called “SickSync” targeting the Ukrainian defense forces.…

Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.

WhoisXML API threat researcher Dancho Danchev recently uncovered a list of the user information for a popular DDoS booter service, which our research team used to create a profile and expand to identify related artifacts.…


Threat Actor: HackNeT. Victim: Ireland. Price: Not specified. Exfiltrated Data Type: Not specified.

Additional Information:

Russian hacker group NoName057 announced their plans to attack Europe during the European Parliament elections. HackNeT allegedly targeted Ireland during the elections. The threat actor attacked the websites of Ireland’s election portal and National Transport Authority.…

Threat Actor: GlorySec. Victim: Companies in Guyana City, Venezuela. Price: Not mentioned. Exfiltrated Data Type: Not mentioned.

Additional Information:

GlorySec has launched a malware attack targeting companies in Guyana City, Venezuela. The group claims to have deployed worm-type malware via USB sticks, infiltrating over 100 companies’ systems.…
Spain’s most wanted cybercriminal arrested in Romania

A mastermind behind the organized crime group responsible for various online fraud schemes has been detained in Bucharest, Romania. The individual, who had been on the run for several years, is linked to over 300 reported fraud cases across Spain, with illicit financial transactions totaling 10 million euros.…


Threat Actor: NoName057(16). Victim: European internet infrastructure. Price: Not specified. Exfiltrated Data Type: Not specified.

Additional Information:

NoName057(16) is a Russian hacker group planning a cyberattack on European internet infrastructure. The group criticizes the European Parliament and accuses it of being Russophobic.…

Written by: Michelle Cantos, Jamie Collier


Executive Summary

Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event.…

Published On : 2024-06-06

Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…


Summary: Two Russian state-aligned threat actors are conducting online influence operations to undermine the upcoming Olympic Games in Paris, spreading fake news and doctored images on social media.

Threat Actor: Storm-1679 and Storm-1099 (aka “Doppelganger”).

Victim: International Olympic Committee (IOC).

Key Point:

Storm-1679 and Storm-1099 have been spreading fake news, doctored images, and AI-aided videos about the Olympics on social media.…