Summary: The World Cybercrime Index reveals that Russia is the top hub for digital threat actors and the most significant source of global cybercrime, followed by Ukraine, China, the United States, Nigeria, and Romania.
Threat Actor: Russia, Ukraine, China, United States, Nigeria, Romania
Victim: N/A
Key Point:
Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide.…Krebs on Security is a popular blog focused on in-depth security news and investigations. It’s authored by Brian Krebs, a well-known journalist in the field of cybersecurity. The site provides detailed coverage of security threats, breaches, cybercrime, and other related topics aimed at educating readers on protecting their personal and organizational data.…
Summary: This article discusses a recent attack campaign where cybercriminals manipulated GitHub’s search functionality to distribute malware through meticulously crafted repositories.
Threat Actor: Cybercriminals
Victim: GitHub users
Key Points: – Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.…
Summary: A previously unknown ransomware gang called Muliaka (or Muddy Water) has been targeting Russian businesses with malware based on the leaked source code from the Conti hacking group.
Threat Actor: Muliaka | Muliaka Victim: Unnamed Russian business | Unnamed Russian business
Key Point :
The Muliaka ransomware gang has been active since at least December 2023 and has been using malware based on the leaked source code from the Conti hacking group.…Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674. These malicious actors imitated the landing pages of popular software, such as Zoom, Microsoft OneDrive, Microsoft SharePoint, and Microsoft Teams, to lure target victims into downloading malicious installers.…
Date Reported: 2024-03-26 Country: Palau Victim: Palau Government | palaugov.pw Additional Information:
The financial management system of Palau has been severely disrupted by a ransomware cyberattack, marking the first of its kind against the Palauan government. As a result of the attack, the Ministry of Finance has been forced to manually process salaries.…Mallox, a strain of ransomware and a group with the same name, encrypts its victims’ data and subsequently demands a ransom, typically in cryptocurrency, in return for providing the decryption key, just as a usual ransomware operator. However, this ransomware exhibited more destructiveness than many other ransomware variants in some cases.…
Key Point : – A cybercrook has been setting up websites that mimic privnote.com. – These phishing sites alter messages containing cryptocurrency addresses. – The real Privnote encrypts messages and does not send or receive them. – Privnote clones inject their own cryptocurrency payment addresses. – A user on GitHub complained about a site being flagged as malicious.…
Key Point : – The state-linked intrusion on Microsoft Exchange Online led to the theft of about 60,000 U.S. State Department emails last summer and was preventable. – Microsoft’s corporate culture deprioritized investments in enterprise security and rigorous risk management. – The Cyber Safety Review Board urged Microsoft to make security-focused reforms and recommended changes for all cloud services providers and government partners.…
Threat Actor: Server Killers Group Victim: North Macedonian Government
Key Points:
Server Killers group initiated a series of cyber attacks targeting North Macedonia.
They executed Distributed Denial of Service (DDoS) assaults on critical government websites.
The official portals of the North Macedonian government and parliament were targeted.…
In the first quarter of 2024, specialists from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. We could not find any links to known groups that used the same techniques. The main goal of the attack was stealing credentials for various services from computers used by public servants.…
The world of cyber security faces new and more complex threats every day. Among these threats, which we encounter anew each day, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unseen yet most dangerous corporate threats.…
Threat Actor: Server Killers
Victim: North Macedonia
Key Points:
Server Killers is a notorious hacking group.
They have announced their involvement in a coordinated offensive against North Macedonia.
Their decision is based on North Macedonia’s perceived complicity in aiding Ukraine and imposing sanctions on Russia.…
Author: Yoav Arad Pinkas
Key FindingsAI is already extensively utilized in election campaigns worldwide. Deepfakes and voice cloning have been employed in elections in three main venues:By candidates for self-promotion. By candidates to attack and defame political opponents. By foreign nation-state actors to defame specific candidates.…Summary : Chinese hackers are targeting family members of high-value individuals to surveil and gather information for more sophisticated attacks.
Key Point :
Chinese hackers from APT 31 targeted family members of U.S. politicians and activists.
Malicious email messages with tracking links were used to gather information about targets.…
Threat Actor: Pharanos Cyber Army (PCA) Victim: Ukrainian Government-Controlled Systems
Information:
PCA claims to have successfully breached a system operated by private companies and ISPs within Ukraine.
The Ukrainian government is allegedly engaging in surveillance of its citizens.
The Ukrainian government may be utilizing the collected data to target and eliminate individuals, falsely implicating Russia or its allies.…
____________________ Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.
Key Point 
:
– The number of found and exploited enterprise-specific technology zero-day vulnerabilities increased by 64% in 2023.
– End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response.…
Threat Actor: – Unknowns group – CyberDragon group – Cyber Army of Russia group
Victim: – Government of Slovenia – NLB (largest commercial bank in Slovenia) – Chamber of Commerce and Industry
Information: – The Unknowns group is believed to be behind the series of disruptive DDoS attacks targeting key state websites in Slovenia.…
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra
In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. The events triggered the meteoric political downfall of Prigozhin, raising questions about the future of his various enterprises that were only underscored when he died two months later under suspicious circumstances.…