Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special attention and investigation.
Qilin has been covered already by experts from Trend Micro, Secureworks, Group-IB, SentinelOne, SOCRadar, BleepingComputer, and MalwareHunterTeam.…
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society.…
Summary: A Chinese espionage campaign targeting Fortinet edge devices has resulted in the compromise of at least 20,000 systems worldwide, including governments, international organizations, and defense industry companies.
Threat Actor: Chinese spies | Chinese spies Victim: Dutch defense networks, Western governments, international organizations, defense industry companies | Dutch defense networks
Key Point :
A Chinese espionage campaign targeted Fortinet edge devices and exploited a zero-day vulnerability to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks.…Summary: Hacktivists are conducting DDoS attacks on European political parties that oppose their interests during the European Parliament elections.
Threat Actor: Hacktivists | Hacktivists Victim: European political parties | European political parties
Key Point :
Hacktivists are targeting European political parties that represent and promote strategies opposing their interests.…Summary: The content discusses the seizure of 70 domains connected to a pig butchering scam that targeted members of the Russian diaspora through fraudulent cryptocurrency investments.
Threat Actor: Unknown | Unknown Victim: Members of the Russian diaspora | Members of the Russian diaspora
Key Point :
The Brooklyn District Attorney’s office seized 70 domains involved in a cryptocurrency scam that targeted the Russian-speaking community.…Summary: A Russian hacktivist crew threatens to attack European internet infrastructure in retaliation for European Parliament-issued sanctions and opposition to the invasion of Ukraine.
Threat Actor: NoName57(16) | NoName57(16) Victim: European Union (EU) | European Union
Key Point :
A Russian hacktivist crew, NoName57(16), along with seven other groups, threatens to launch cyber attacks on European internet infrastructure.…Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is considering an overhaul of its Joint Cyber Defense Collaborative (JCDC) due to criticism and challenges in its current form.
Threat Actor: N/A Victim: N/A
Key Point :
The JCDC, established in 2021, aims to develop best practices in cybersecurity across industries and improve collaboration between the public and private sectors.…Summary: The content discusses a new hacking campaign called “SickSync” launched by the UAC-0020 (Vermin) hacking group, targeting the Ukrainian defense forces and using the legitimate file-syncing software SyncThing in combination with malware called SPECTR.
Threat Actor: UAC-0020 (Vermin) hacking group | UAC-0020 (Vermin) Victim: Ukrainian defense forces | Ukrainian defense forces
Key Point :
The UAC-0020 (Vermin) hacking group, linked to the Luhansk People’s Republic (LPR) region occupied by Russia, has launched a new hacking campaign called “SickSync” targeting the Ukrainian defense forces.…Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.
WhoisXML API threat researcher Dancho Danchev recently uncovered a list of the user information for a popular DDoS booter service, which our research team used to create a profile and expand to identify related artifacts.…
Threat Actor: HackNeT | HackNeT Victim: Ireland | Ireland Price: Not specified Exfiltrated Data Type: Not specified
Additional Information :
Russian hacker group NoName057 announced their plans to attack Europe during the European Parliament elections. HackNeT allegedly targeted Ireland during the elections. The threat actor attacked the websites of Ireland’s election portal and National Transport Authority.…Threat Actor: GlorySec | GlorySec Victim: Companies in Guyana City, Venezuela | Companies in Guyana City Price: Not mentioned Exfiltrated Data Type: Not mentioned
Additional Information:
GlorySec has launched a malware attack targeting companies in Guyana City, Venezuela. The group claims to have deployed worm-type malware via USB sticks, infiltrating over 100 companies’ systems.…A mastermind behind the organized crime group responsible for various online fraud schemes has been detained in Bucharest, Romania. The individual, who had been on the run for several years, is linked to over 300 reported fraud cases across Spain, with illicit financial transactions totaling 10 million euros.…
Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a group suspected to have geopolitical and/or hacktivist ties. While the group’s geographical origin and home base remain unclear, recent attack techniques suggest espionage and data exfiltration intent. …
Threat Actor: NoName057(16) | NoName057 Victim: European internet infrastructure | European internet infrastructure Price: Not specified Exfiltrated Data Type: Not specified
Additional Information:
NoName057(16) is a Russian hacker group planning a cyberattack on European internet infrastructure. The group criticizes the European Parliament and accuses it of being Russophobic.…Written by: Michelle Cantos, Jamie Collier
Executive Summary Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event. …
A major multinational operation, conducted by Interpol and the US Federal Bureau of Investigation (FBI) with the cooperation of French and British authorities, has resulted in the arrest of four people in Moldova involved in a sophisticated scheme aimed at circumventing the Interpol-run Red Notice system.…
Published On : 2024-06-06
Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…
Summary: Researchers warn about the wider risk of malicious activity due to internet-exposed devices at industrial sites across the U.S., following months of attacks against water and wastewater treatment systems.
Threat Actor: State-linked and politically motivated threat groups have escalated attacks against drinking water and wastewater treatment sites in the U.S.…
Summary: Two Russian state-aligned threat actors are conducting online influence operations to undermine the upcoming Olympic Games in Paris, spreading fake news and doctored images on social media.
Threat Actor: Storm-1679 and Storm-1099 (aka “Doppelganger”) | Storm-1679, Storm-1099
Victim: International Olympic Committee (IOC) | International Olympic Committee
Key Point :
Storm-1679 and Storm-1099 have been spreading fake news, doctored images, and AI-aided videos about the Olympics on social media.…