Tag: RUSSIA

Summary: The content discusses the need for European research universities to collaborate with intelligence agencies to protect their research from being stolen by hostile states, particularly in sensitive technology areas.

Threat Actor: Chinese state | Chinese state Victim: European research universities | European research universities

Key Point:

EU member states recommend closer collaboration between research universities and intelligence agencies to safeguard research from theft by hostile states.…
Read More

In the ever-evolving landscape of cybersecurity threats, new groups like Hunt3r Kill3rs emerge with claims of disruptive capabilities. This analysis aims to provide an initial understanding of their activities, considering the limited timeframe and absence of concrete evidence substantiating their claims.

Hunt3r Kill3rs’ logo

Overview of Hunt3r Kill3rs:

Hunt3r Kill3rs, a recently surfaced threat group, assert their prowess in cyber operations, including Industrial Control Systems (ICS) breaches, communication network intrusions, and web application vulnerabilities exploitation.…

Read More

As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…

Read More
Introduction

In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks on organizations located in Russia, scoring at least 48 confirmed victims by Q2 2024.…

Read More

Threat Actor: NoName057 Group | NoName057 Group Victim: German Federal Ministry of Justice, German Federal Ministry of Transport and Digital Infrastructure, Federal Office of Logistics and Mobility, German Customs Administration | German Federal Ministry of Justice, German Federal Ministry of Transport and Digital Infrastructure, Federal Office of Logistics and Mobility, German Customs Administration Price: Not specified Exfiltrated Data Type: Not specified

Additional Information:

NoName057 Group has claimed responsibility for a series of DDoS attacks on various German federal institutions.…
Read More

Summary: The Environmental Protection Agency (EPA) has reported that over 70% of water systems in the US fail to meet security standards, making them vulnerable to cyberattacks that can disrupt water sanitation and wastewater systems nationwide.

Threat Actor: Cybercriminals | Cybercriminals Victim: Water systems in the US | Water systems in the US

Key Point :

Over 70% of water systems in the US fail to meet security standards set by the EPA, exposing them to potential cyberattacks.…
Read More

This report was originally published for our customers on 14 May 2024.

Executive summaryThe DoppelGänger campaign is an ongoing influence campaign, starting from May 2022 and attributed to the Structura National Technologies (Structura) and the Social Design Agency (SDA), which are two Russian entities. The primary goal of DoppelGänger is to diminish support for Ukraine in the wake of Russian aggression and to foster divisions within nations backing Ukraine.…
Read More

Summary: The cryptojacking group known as Kinsing has been actively orchestrating illicit cryptocurrency mining campaigns since 2019, continuously evolving and adapting by integrating newly disclosed vulnerabilities to expand its botnet.

Threat Actor: Kinsing | Kinsing Victim: Various victims | Kinsing victim

Key Point :

Kinsing, also known as H2Miner, is a cryptojacking group that has consistently expanded its toolkit with new exploits to enroll infected systems in a crypto-mining botnet.…
Read More

Summary: Two previously unknown backdoors, LunarWeb and LunarMail, have been discovered compromising the foreign affairs ministry of a European country. The campaign is attributed to Turla, a hacking group believed to be connected to the Russian Federal Security Service (FSB).

Threat Actor: Turla | Turla Victim: Foreign affairs ministry of a European country | Foreign affairs ministry of a European country

Key Point :

A Russian state hacking group, Turla, has been identified as the threat actor behind the compromise of the foreign affairs ministry of a European country.…
Read More

Threat Actor: NoName057(16) | NoName057(16) Victim: VÚB banka, National Council of Slovakia | VÚB banka, National Council of Slovakia Price: Not specified Exfiltrated Data Type: Not specified

Additional Information:

NoName057(16) targeted VÚB banka, the second largest bank in Slovakia, and the National Council of Slovakia, the country’s legislative body.…
Read More

Summary: The U.S. is offering a reward for information on a network of individuals who scammed companies on behalf of North Korea, resulting in nearly $7 million in losses.

Threat Actor: North Korea | North Korea Victim: Companies | companies

Key Point :

The U.S. is offering a reward of up to $5 million for information on individuals involved in a scheme where companies were scammed of nearly $7 million on behalf of North Korea.…
Read More

Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails.…

Read More

While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries.…

Read More

Threat Actor: Rape Ransomware Team | Rape Ransomware Team Victim: Enterprise Windows networks | Enterprise Windows networks Price: 80% profit share Exfiltrated Data Type: Not specified

Additional Information:

The Rape Ransomware team is seeking partners experienced in accessing enterprise Windows networks. Partners will receive 80% of the ransom profits for each system they facilitate access to.…
Read More

Summary: This report examines the threat posed by Russia-linked advanced persistent threat (APT) groups on operational technology (OT) by analyzing key cyber attacks from the past 12 months, providing detection rules and recommendations for network defenders.

Threat Actor: Russia-linked APT groups | Russia-linked APT groups Victim: Various industries and specifically a manufacturing industry customer | manufacturing industry

Key Points:

This report analyzes cyber attacks conducted by Russia-linked APT groups on operational technology (OT) in the past year, providing useful detection rules and recommendations for network defenders.…
Read More

ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past activities, we attribute these compromises to the infamous Russia-aligned cyberespionage group Turla, with medium confidence.…

Read More

Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help civil society organizations mitigate cyber threats, particularly those posed by state-sponsored actors from nations like Russia, China, Iran, and North Korea.

Threat Actor: State-sponsored actors | state-sponsored actors Victim: Civil society organizations | civil society organizations

Key Point :

The guide, titled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” provides actionable steps for civil society organizations to enhance their cybersecurity defenses.…
Read More

Summary: This post examines the activities of Dmitry Yuryevich Khoroshev, the alleged leader of the LockBit ransomware group, who has been charged by the United States, United Kingdom, and Australia for his involvement in cybercrimes.

Threat Actor: Dmitry Yuryevich Khoroshev | Dmitry Yuryevich Khoroshev Victim: Various organizations | LockBit ransomware victims

Key Point :

Dmitry Yuryevich Khoroshev has been indicted on 26 criminal counts, including extortion, wire fraud, and conspiracy, for allegedly creating, selling, and using the LockBit ransomware to extort over $100 million from victim organizations.…
Read More