Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: Vishing and deepfake phishing attacks are increasing as threat actors use GenAI to enhance social engineering tactics, making phishing more difficult to detect and deceive even the most aware users.
Threat Actor: Cybercriminals | Cybercriminals Victim: Individuals and organizations | Individuals and organizations
Key Point :
Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics.…Summary: A member of the REvil ransomware-as-a-service (RaaS) group, Yaroslav Vasinskyi, has been sentenced to over 13 years in prison and ordered to pay restitution for conducting numerous ransomware attacks and demanding millions in ransom payments.
Threat Actor: REvil ransomware-as-a-service (RaaS) group | REvil ransomware-as-a-service Victim: Multiple victims | REvil ransomware attacks
Key Point :
Affiliate of the REvil ransomware group, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison for conducting over 2500 ransomware attacks.…On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host’s resources for the gain of its young. …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities catalog, which allows for account takeover via Password Reset.
Threat Actor: N/A Victim: GitLab Community and Enterprise Editions | GitLab
Key Point :
A vulnerability in GitLab Community and Enterprise Editions, tracked as CVE-2023-7028, allows for account takeover via Password Reset without any interaction.…Threat Actor: Matryoshka 424 | Matryoshka 424 Victim: N/A Price: N/A Exfiltrated Data Type: N/A
Additional Information:
Matryoshka 424 is a new pro-Russian cyber organization. The group aims to recruit members from various fields. They seek to unite forces and individuals to safeguard the interests of Russia and its allies.…Summary: U.S. agencies are warning water treatment systems operators in North America and Europe about the threat of Russia-linked hackers targeting their operational technology, posing physical threats to safety.
Threat Actor: Russia-linked hackers | Russia-linked hackers Victim: Water treatment systems operators | Water treatment systems operators
Key Point :
Russia-linked hackers are targeting and compromising operational technology platforms that support wastewater and water treatment systems.…The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations
Key findingsThe cluster’s methods evolve continuously with new tools added to its arsenal. The use of password-protected archives enables the criminals to bypass defenses and deliver malware successfully.…Summary: This article discusses the release of a new open-source security tool by Microsoft that aims to improve threat analysis for industrial control systems and enhance security measures.
Threat Actor: N/A
Victim: N/A
Key Point:
Microsoft has developed an open-source security tool called ICSpector, which scans programmable logic controllers (PLCs) used in industrial control systems, extracts information, and detects malicious code.…Threat Actor: UserSec, NoName057(16), and Cyber Army of Russia | UserSec, NoName057(16), and Cyber Army of Russia Victim: UK’s Economy | UK’s Economy Price: Not specified Exfiltrated Data Type: Not specified
Additional Information:
UserSec, in collaboration with NoName057(16) and the Cyber Army of Russia, has targeted the UK’s economic sector through cyber attacks.…Threat Actor: SpaceBears | SpaceBears Victim: Thinkadam, Fliesenstudio am Rhein, Fifisystems, Surewerx USA, SM EMBALLAGE, Mr Bean, CORTEX Chiropractic | Thinkadam, Fliesenstudio am Rhein, Fifisystems, Surewerx USA, SM EMBALLAGE, Mr Bean, CORTEX Chiropractic Price: Unknown Exfiltrated Data Type: Unknown
Additional Information:
SpaceBears is a new ransomware group that has targeted multiple prominent victims.…Summary: Foreign states are targeting Britain’s leading research universities, posing a threat to national security.
Threat Actor: Foreign states | foreign states Victim: Britain’s leading research universities | Britain’s leading research universities
Key Point :
The head of Britain’s domestic intelligence agency warned that hostile actors are actively targeting the country’s research universities, particularly in sensitive sectors.…Summary: The Russian independent news website Meduza is facing repeated attempts to disrupt its digital infrastructure, including distributed denial-of-service (DDoS) attacks, which are believed to be orchestrated by the Russian authorities.
Threat Actor: Russian authorities | Russian authorities Victim: Meduza | Meduza
Key Point :
Meduza has been targeted by a series of DDoS attacks, which have intensified and continued even after the Russian presidential election in March.…Summary: The content discusses a controversial executive order proposed by the White House that aims to require U.S. cloud companies to closely monitor the identities of their customers, in response to the cybersecurity threat posed by Chinese and Russian hackers using U.S. cloud infrastructure.
Threat Actor: Chinese and Russian hackers | Chinese and Russian hackers Victim: U.S.…
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary
The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections.…
Published On : 2024-04-26
EXECUTIVE SUMMARYAt CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team have identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which executes a stealthy Monero (XMR) crypto miner as the final payload.…
Summary: Chinese and Russian hackers are increasingly targeting edge devices such as VPN appliances, firewalls, routers, and IoT tools in espionage attacks, according to a report by Google security firm Mandiant.
Threat Actor: Chinese and Russian hackers | Chinese and Russian hackers Victim: Various organizations | various organizations
Key Points:
Chinese and Russian hackers have shifted their tactics from targeting employees with phishing emails to finding zero-day vulnerabilities in commonly used devices.…Summary: An unidentified attacker hacked a Czech news service’s website and published a fake story claiming an assassination attempt on the newly elected Slovak president Petr Pellegrini.
Threat Actor: Unidentified | Unidentified Victim: Czech News Agency (CTK) | Czech News Agency
Key Point :
An unidentified attacker hacked the website of Czech news service, CTK, and posted a fake story about an assassination attempt on Slovak president Petr Pellegrini.…Summary: Mandiant’s “M-Trends 2024 Special Report” reveals that attacker dwell time has decreased, indicating improvements in defensive capabilities, while ransomware attacks and zero-day vulnerabilities continue to pose threats to organizations.
Threat Actor: Various threat actors involved in ransomware attacks and exploitation of zero-day vulnerabilities.
Victim: Organizations targeted by ransomware attacks and zero-day exploits.…
Summary: Siemens is urging organizations using its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW to implement workarounds for a maximum severity zero-day bug that PAN recently disclosed in its next-gen firewall product.
Threat Actor: N/A Victim: Organizations using Siemens Ruggedcom APE1808 devices configured with PAN Virtual NGFW.…
Summary: Attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, with a 6% increase in intrusions through vulnerability exploitation in 2023, according to Mandiant’s M-Trends 2024 Report. Additionally, researchers observed a rise in the exploitation of zero-day vulnerabilities, with Chinese cyber espionage groups being the most prolific attackers in this regard.…