Summary: Russian hacker group Sandworm targeted around 20 critical infrastructure facilities in Ukraine, aiming to disrupt operations and carrying out cyberespionage and destructive attacks.

Threat Actor: Sandworm | Victim: Critical infrastructure facilities in Ukraine

Key Point:

Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, targeted 20 critical infrastructure facilities in Ukraine to disrupt operations.…

Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.

Threat Actor: UAC-0184 | Victim: Ukrainian armed forces

Key Point:

Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…

Threat Actor: Russian Cyber Army | Victim: CONSOL Energy | Price: Not specified | Exfiltrated Data Type: Not specified

Additional Information:

The Cyber Army of Russia allegedly executed a distributed denial-of-service (DDoS) attack against CONSOL Energy. CONSOL Energy is a major player in the coal and natural gas sectors, supplying coal and natural gas globally.…

Summary: The rise of Western affiliates of Russian ransomware groups is a growing concern for ransomware experts and law enforcement agencies. These Western teenagers, often with ties to the cybercrime community, are actively participating in ransomware attacks against major domestic corporations.

Threat Actor: Western teenagers with ties to the cybercrime community known as “The Community” or “The Com.”…


Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.

They are broken down into appropriate categories such as:

area and event monitoring
person of interest search
corporate profiling
mapping
artificial intelligence
intelligence analysis
reporting tools
collective tools
cryptocurrency
country specific
verification and fact-checking.…

In early 2024, Group-IB’s Threat Intelligence team observed a surge in phishing URLs targeting INTERAC, a Canadian payment service. Subsequently, a client operating in Canada reported an uptick in phishing attempts against their customers and shared a suspicious URL, lab-host[.]ru, prompting an investigation.

This inquiry unveiled a connection between the shared URL and INTERAC phishing pages, all originating from the LabHost Phishing-as-a-Service (PhaaS) platform.…


Threat Actor: USDoD | Victim: Various high-profile organizations and critical industries | Price: Not specified | Exfiltrated Data Type: Military data, law enforcement emails, sensitive data

Additional Information:

USDoD’s motivation for involvement in cybercrime is purely fun, challenge, and exploiting the security systems of the USA and Europe.…

Executive Summary

On March 29, 2024, a supply chain attack targeting XZ Utils, an open source compression utility used in Unix-like and Windows operating systems, was disclosed. It was confirmed that version 5.6.1 contained a backdoor and had been distributed.

— XZ Utils repository: https[:]//github[.]com/tukaani-project/xz
— Mirrored developer website: https[:]//git.tukaani[.]org/?p=xz.git
—…
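The two checks a host owner would run after the disclosure above, written here as an added example that is not part of the original report or of the XZ Utils project: one classifies an `xz --version` line against the backdoored releases (5.6.0 and 5.6.1), the other asks whether the local sshd dynamically links liblzma, which is the route the backdoor took into sshd. The default sshd path `/usr/sbin/sshd` and the reliance on `ldd` being present are assumptions; both functions report "not affected / not linked" rather than failing when a tool or binary is missing.

```shell
#!/bin/sh
# Added example, not from the original report or the XZ Utils project.
# Affected XZ Utils releases: 5.6.0 and 5.6.1.

xz_version_affected() {
  # $1: a line such as "xz (XZ Utils) 5.6.1", as printed by `xz --version`
  # or found by `strings` in an xz binary. Returns 0 if it names an
  # affected release, 1 otherwise. The version token is extracted first so
  # that a line merely mentioning "5.6.1" elsewhere, or a longer version
  # such as 5.6.10, is not reported as affected.
  ver=$(printf '%s\n' "$1" | sed -n 's/.*(XZ Utils) \([0-9][0-9.]*\).*/\1/p')
  case "$ver" in
    5.6.0|5.6.1) return 0 ;;
    *) return 1 ;;
  esac
}

sshd_links_liblzma() {
  # $1: path to sshd (assumed default /usr/sbin/sshd). Returns 0 if ldd
  # lists liblzma among its shared libraries, 1 if it does not or if
  # sshd or ldd is absent.
  bin=${1:-/usr/sbin/sshd}
  [ -x "$bin" ] || return 1
  ldd "$bin" 2>/dev/null | grep -q 'liblzma'
}

check_host() {
  # Live check of this machine: installed xz version and sshd linkage.
  line=$(xz --version 2>/dev/null | head -n 1)
  if [ -z "$line" ]; then
    echo "xz: not installed"
  elif xz_version_affected "$line"; then
    echo "xz: AFFECTED ($line)"
  else
    echo "xz: not affected ($line)"
  fi
  if sshd_links_liblzma; then
    echo "sshd: links liblzma (exposed path if xz is affected)"
  else
    echo "sshd: does not link liblzma, or sshd/ldd not found"
  fi
}

check_host
```

Run it as a normal user; neither check needs root. An affected version is the signal to act on even when sshd does not link liblzma, since the version check covers the package as a whole, not only the sshd path.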

Threat Intelligence specialists from FACCT discovered on the VirusTotal platform a malicious file uploaded from Armenia (Gyumri) and associated with the cyber spy group Core Werewolf. It is a self-extracting 7zSFX archive designed for the hidden installation and launch of a legitimate remote access program, UltraVNC.

The intended target of the attack is the 102nd Russian military base.…


Summary: The Sandworm hacking group, associated with Russian military intelligence, has been hiding their attacks and operations behind multiple online personas posing as hacktivist groups. They have been active since at least 2009 and are known for their multi-faceted attacks on critical infrastructure in Ukraine.

Threat Actor: Sandworm | Victim: Various entities, including water utilities in the U.S.…


On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

LabHost takedown

On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost.…


Summary: The article discusses the cyber attacks conducted by Russia on European railways, with a focus on the Czech Republic and Poland.

Threat Actor: Russia | Victim: Czech Republic, Poland

Key Points:

Russia has conducted thousands of attempts to sabotage European railways, aiming to destabilize the EU and damage critical infrastructure.…

Summary

This report details the resurgence of the LightSpy mobile espionage campaign, which focuses on targets in Southern Asia and probably India, potentially indicating a renewed focus on political targets and tensions in the region.

Beyond our findings, the echoes of concern reach further. VirusTotal submissions from India suggest potential victims within its borders, aligning with recent warnings by Apple on detections within the same country.…
