Summary: Vishing and deepfake phishing attacks are increasing as threat actors use GenAI to enhance social engineering tactics, making phishing harder to detect and capable of deceiving even the most aware users.

Threat Actor: Cybercriminals

Victim: Individuals and organizations

Key Point:

Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics.…

Summary: A member of the REvil ransomware-as-a-service (RaaS) group, Yaroslav Vasinskyi, has been sentenced to over 13 years in prison and ordered to pay restitution for conducting numerous ransomware attacks and demanding millions in ransom payments.

Threat Actor: REvil ransomware-as-a-service (RaaS) group

Victim: Multiple victims

Key Point:

REvil ransomware affiliate Yaroslav Vasinskyi has been sentenced to 13 years and seven months in prison for conducting over 2,500 ransomware attacks.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities catalog, which allows for account takeover via Password Reset.

Threat Actor: N/A

Victim: GitLab Community and Enterprise Editions

Key Point:

A vulnerability in GitLab Community and Enterprise Editions, tracked as CVE-2023-7028, allows account takeover via password reset without any user interaction.…

Summary: U.S. agencies are warning water treatment system operators in North America and Europe about Russia-linked hackers targeting their operational technology, which poses physical safety risks.

Threat Actor: Russia-linked hackers

Victim: Water treatment system operators

Key Point:

Russia-linked hackers are targeting and compromising operational technology platforms that support wastewater and water treatment systems.…

Summary: This article discusses the release of a new open-source security tool by Microsoft that aims to improve threat analysis for industrial control systems and enhance security measures.

Threat Actor: N/A

Victim: N/A

Key Point:

Microsoft has developed an open-source security tool called ICSpector, which scans programmable logic controllers (PLCs) used in industrial control systems, extracts information, and detects malicious code.…

Threat Actor: UserSec, NoName057(16), and Cyber Army of Russia

Victim: UK’s economy

Price: Not specified

Exfiltrated Data Type: Not specified

Additional Information:

UserSec, in collaboration with NoName057(16) and the Cyber Army of Russia, has targeted the UK’s economic sector through cyber attacks.…

Threat Actor: SpaceBears

Victim: Thinkadam, Fliesenstudio am Rhein, Fifisystems, Surewerx USA, SM EMBALLAGE, Mr Bean, CORTEX Chiropractic

Price: Unknown

Exfiltrated Data Type: Unknown

Additional Information:

SpaceBears is a new ransomware group that has targeted multiple prominent victims.…

Summary: Foreign states are targeting Britain’s leading research universities, posing a threat to national security.

Threat Actor: Foreign states

Victim: Britain’s leading research universities

Key Point:

The head of Britain’s domestic intelligence agency warned that hostile actors are actively targeting the country’s research universities, particularly in sensitive sectors.…

Summary: The Russian independent news website Meduza is facing repeated attempts to disrupt its digital infrastructure, including distributed denial-of-service (DDoS) attacks, which are believed to be orchestrated by the Russian authorities.

Threat Actor: Russian authorities

Victim: Meduza

Key Point:

Meduza has been targeted by a series of DDoS attacks, which have intensified and continued even after the Russian presidential election in March.…

Summary: The article discusses a controversial executive order proposed by the White House that would require U.S. cloud companies to closely monitor the identities of their customers, in response to the cybersecurity threat posed by Chinese and Russian hackers using U.S. cloud infrastructure.

Threat Actor: Chinese and Russian hackers

Victim: U.S.…


Written by: Kelli Vanderlee, Jamie Collier


Executive Summary

The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors, including state-sponsored actors, cyber criminals, hacktivists, insiders, and information-operations-as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections.…


Published On: 2024-04-26

EXECUTIVE SUMMARY

At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team has identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which execute a stealthy Monero (XMR) crypto miner as the final payload.…


Summary: Chinese and Russian hackers are increasingly targeting edge devices such as VPN appliances, firewalls, routers, and IoT tools in espionage attacks, according to a report by Google security firm Mandiant.

Threat Actor: Chinese and Russian hackers

Victim: Various organizations

Key Points:

Chinese and Russian hackers have shifted their tactics from targeting employees with phishing emails to finding zero-day vulnerabilities in commonly used devices.…

Summary: An unidentified attacker hacked a Czech news service’s website and published a fake story claiming an assassination attempt on the newly elected Slovak president Petr Pellegrini.

Threat Actor: Unidentified

Victim: Czech News Agency (CTK)

Key Point:

An unidentified attacker hacked the website of the Czech news service CTK and posted a fake story about an assassination attempt on Slovak president Petr Pellegrini.…

Summary: Mandiant’s “M-Trends 2024 Special Report” reveals that attacker dwell time has decreased, indicating improvements in defensive capabilities, while ransomware attacks and zero-day vulnerabilities continue to pose threats to organizations.

Threat Actor: Various threat actors involved in ransomware attacks and exploitation of zero-day vulnerabilities.

Victim: Organizations targeted by ransomware attacks and zero-day exploits.…


Summary: Siemens is urging organizations using its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW to implement workarounds for a maximum severity zero-day bug that PAN recently disclosed in its next-gen firewall product.

Threat Actor: N/A

Victim: Organizations using Siemens Ruggedcom APE1808 devices configured with PAN Virtual NGFW.…


Summary: Attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, with a 6% increase in intrusions through vulnerability exploitation in 2023, according to Mandiant’s M-Trends 2024 Report. Additionally, researchers observed a rise in the exploitation of zero-day vulnerabilities, with Chinese cyber espionage groups being the most prolific attackers in this regard.…
