Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: Russian hacker group Sandworm targeted around 20 critical infrastructure facilities in Ukraine, aiming to disrupt operations and carrying out cyberespionage and destructive attacks.
Threat Actor: Sandworm | Sandworm Victim: Critical infrastructure facilities in Ukraine | Ukraine
Key Point :
Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, targeted 20 critical infrastructure facilities in Ukraine to disrupt operations.…Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.
Threat Actor: UAC-0184 | UAC-0184 Victim: Ukrainian armed forces | Ukrainian armed forces
Key Point :
Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…Threat Actor: Russian Cyber Army | Russian Cyber Army Victim: CONSOL Energy | CONSOL Energy Price: Not specified Exfiltrated Data Type: Not specified
Additional Information:
The Cyber Army of Russia allegedly executed a distributed denial-of-service (DDoS) attack against CONSOL Energy. CONSOL Energy is a major player in the coal and natural gas sectors, supplying coal and natural gas globally.…Summary: The rise of Western affiliates of Russian ransomware groups is a growing concern for ransomware experts and law enforcement agencies. These Western teenagers, often with ties to the cybercrime community, are actively participating in ransomware attacks against major domestic corporations.
Threat Actor: Western teenagers with ties to the cybercrime community known as “The Community” or “The Com.”…
Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.
They are broken down into appropriate categories such as:
area and event monitoringperson of interest searchcorporate profilingmappingartificial intelligenceintelligence analysisreporting toolscollective toolscryptocurrencycountry specificverification and fact-checking.…Research by: Raman Ladutska
We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world and make it a safer and better place.…
In early 2024, Group-IB’s Threat Intelligence team observed a surge in phishing URLs targeting INTERAC, a Canadian payment service. Subsequently, a client operating in Canada reported an uptick in phishing attempts against their customers and shared a suspicious URL, lab-host[.]ru, prompting an investigation.
This inquiry unveiled a connection between the shared URL and INTERAC phishing pages, all originating from the LabHost Phishing-as-a-Service (PhaaS) platform.…
Threat Actor: USDoD | USDoD Victim: Various high-profile organizations and critical industries | various high-profile organizations and critical industries Price: Not specified Exfiltrated Data Type: Military data, law enforcement emails, sensitive data
Additional Information :
USDoD’s motivation for involvement in cybercrime activities is purely for fun, challenge, and exploiting the security systems of the USA and Europe.…Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to this. A current example of a malware that specifically targets online banking shows how easy it is to fall for malware.…
Threat Intelligence specialists from FACCT discovered on the VirusTotal platform a malicious file downloaded from Armenia (Gyumri) associated with the cyber spy group Core Werewolf . It is a self-extracting 7zSFX archive designed for hidden installation and launch of a legitimate remote access program – UltraVNC .
The intended target of the attack is the 102nd Russian military base.…
Welcome to Picus Security‘s weekly cyber threat intelligence roundup! …
Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors including APT groups. For example, it is known to have been used by APT35 (said to have ties to Iran) [1] and was also used in Operation Earth Berberoka [2] which targeted online gambling websites.…
Summary: This article discusses the surge in cyberattacks using the leaked LockBit code, targeting various victims globally. It also explores the rise of new ransomware groups that are using modified versions of the leaked LockBit code.
Threat Actor: LockBit and various ransomware groups using the leaked LockBit code.…
Summary: The Sandworm hacking group, associated with Russian military intelligence, has been hiding their attacks and operations behind multiple online personas posing as hacktivist groups. They have been active since at least 2009 and are known for their multi-faceted attacks on critical infrastructure in Ukraine.
Threat Actor: Sandworm | Sandworm Victim: Various entities, including water utilities in the U.S.…
On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.
LabHost takedownOn Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost.…
Summary: Russian nation-state group Sandworm is using a novel backdoor called Kapeka to target organizations in Ukraine and other Eastern and Central European countries. Kapeka is a sophisticated tool that provides long-term access to victim estates and is believed to be part of wider espionage campaigns by Sandworm.…
Summary: The article discusses the cyber attacks conducted by Russia on European railways, with a focus on the Czech Republic and Poland.
Threat Actor: Russia | Russia Victim: Czech Republic, Poland | Czech Republic, Poland
Key Points:
Russia has conducted thousands of attempts to sabotage European railways, aiming to destabilize the EU and sabotage critical infrastructure.…Summary: House Republicans have introduced the Water Risk and Resilience Organization Establishment Act, which would allow the Environmental Protection Agency (EPA) to certify a governing body to develop and recommend cybersecurity requirements for water treatment and wastewater systems, following recent cyber incidents in the water sector.…
This report details the resurgence of the LightSpy mobile espionage campaign, which focuses on targets in Southern Asia and probably India, potentially indicating a renewed focus on political targets and tensions in the region.
Beyond our findings, the echoes of concern reach further. VirusTotal submissions from India suggest potential victims within its borders, aligning with recent warnings by Apple on detections within the same country.…