Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is considering an overhaul of its Joint Cyber Defense Collaborative (JCDC) due to criticism and challenges in its current form.

Threat Actor: N/A

Victim: N/A

Key Point:

The JCDC, established in 2021, aims to develop best practices in cybersecurity across industries and improve collaboration between the public and private sectors.…

In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install ScreenConnect on multiple systems, enabling them to execute various commands and deploy Cobalt Strike beacons. Their toolkit also included CSharp Streamer, a RAT written in CSharp with numerous functionalities, as documented here.…

Summary: The UAC-0020 (Vermin) hacking group has launched a new hacking campaign called “SickSync” that targets the Ukrainian defense forces, using the legitimate file-syncing software SyncThing in combination with malware called SPECTR.

Threat Actor: UAC-0020 (Vermin) hacking group

Victim: Ukrainian defense forces

Key Point:

The UAC-0020 (Vermin) hacking group, linked to the Luhansk People’s Republic (LPR) region occupied by Russia, has launched a new hacking campaign called “SickSync” targeting the Ukrainian defense forces.…

Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.

WhoisXML API threat researcher Dancho Danchev recently uncovered a list of user information for a popular DDoS booter service, which our research team used to create a profile and then expanded to identify related artifacts.…

Threat Actor: HackNeT

Victim: Ireland

Price: Not specified

Exfiltrated Data Type: Not specified

Additional Information:

Russian hacker group NoName057 announced their plans to attack Europe during the European Parliament elections. HackNeT allegedly targeted Ireland during the elections. The threat actor attacked the websites of Ireland’s election portal and National Transport Authority.…

Threat Actor: GlorySec

Victim: Companies in Guyana City, Venezuela

Price: Not mentioned

Exfiltrated Data Type: Not mentioned

Additional Information:

GlorySec has launched a malware attack targeting companies in Guyana City, Venezuela. The group claims to have deployed worm-type malware via USB sticks, infiltrating over 100 companies’ systems.…

Spain’s most wanted cybercriminal arrested in Romania

A mastermind behind the organized crime group responsible for various online fraud schemes has been detained in Bucharest, Romania. The individual, who had been on the run for several years, is linked to over 300 reported fraud cases across Spain, with illicit financial transactions totaling 10 million euros.…

Threat Actor: NoName057(16)

Victim: European internet infrastructure

Price: Not specified

Exfiltrated Data Type: Not specified

Additional Information:

NoName057(16) is a Russian hacker group planning a cyberattack on European internet infrastructure. The group criticizes the European Parliament and accuses it of being Russophobic.…

Written by: Michelle Cantos, Jamie Collier

Executive Summary

Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event.…

Published On: 2024-06-06

Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…

Summary: Two Russian state-aligned threat actors are conducting online influence operations to undermine the upcoming Olympic Games in Paris, spreading fake news and doctored images on social media.

Threat Actor: Storm-1679 and Storm-1099 (aka “Doppelganger”)

Victim: International Olympic Committee (IOC)

Key Point:

Storm-1679 and Storm-1099 have been spreading fake news, doctored images, and AI-aided videos about the Olympics on social media.…

Threat Actor: GlorySec

Victim: City of Saint Petersburg

Price: Not specified

Exfiltrated Data Type: Small databases

Additional Information:

GlorySec has announced a strategic shift in their operations, focusing primarily on Russia. The group has successfully breached and posted several small databases from the city of Saint Petersburg.…

Summary: NATO allies are being urged to allow their militaries to be proactive in cyberspace to prevent cyberattacks that could disrupt the deployment of forces during a conflict, according to Christian-Marc Lifländer, the head of NATO’s cyber and hybrid policy section.

Threat Actor: Russia

Victim: NATO

Key Point:

NATO allies need to adopt a proactive approach in cyberspace to prevent cyberattacks that could disrupt military operations during conflicts.…

Between 27 and 29 May 2024, international law enforcement agencies and partners conducted Operation Endgame to disrupt criminal services, notably by taking down key botnet infrastructures, including those of IcedID, SystemBC, PikaBot, SmokeLoader and BumbleBee.

The Sekoia TDR team supported the French law enforcement agencies by providing valuable cyber threat intelligence, in particular on PikaBot.…

Summary: Independent journalists and opposition activists in Europe, who have faced threats from Russia or Belarus, have been targeted or infected with the Pegasus spyware.

Threat Actor: NSO Group

Victim: Independent journalists and opposition activists in Europe

Key Point:

At least seven Russian and Belarusian-speaking independent journalists and opposition activists in Europe have been targeted or infected with the Pegasus spyware.…