Mallox, a ransomware strain and the group of the same name, encrypts its victims’ data and then demands a ransom, typically in cryptocurrency, in return for the decryption key, like any typical ransomware operator. However, in some cases this ransomware has been more destructive than many other ransomware variants.…
Tag: RUSSIA
Key Point:
– A cybercrook has been setting up websites that mimic privnote.com.
– These phishing sites alter messages containing cryptocurrency addresses.
– The real Privnote encrypts messages and does not send or receive them.
– Privnote clones inject their own cryptocurrency payment addresses.
– A user on GitHub complained about a site being flagged as malicious.…
Key Point:
– The state-linked intrusion on Microsoft Exchange Online led to the theft of about 60,000 U.S. State Department emails last summer and was preventable.
– Microsoft’s corporate culture deprioritized investments in enterprise security and rigorous risk management.
– The Cyber Safety Review Board urged Microsoft to make security-focused reforms and recommended changes for all cloud services providers and government partners.…
Threat Actor: Server Killers Group
Victim: North Macedonian Government
Key Points:
Server Killers group initiated a series of cyber attacks targeting North Macedonia.
They executed Distributed Denial of Service (DDoS) assaults on critical government websites.
The official portals of the North Macedonian government and parliament were targeted.…
In the first quarter of 2024, specialists from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. We could not find any links to known groups that used the same techniques. The main goal of the attack was stealing credentials for various services from computers used by public servants.…
The world of cyber security faces new and more complex threats every day. Among these, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unseen yet most dangerous corporate threats.…
Threat Actor: Server Killers
Victim: North Macedonia
Key Points:
Server Killers is a notorious hacking group.
They have announced their involvement in a coordinated offensive against North Macedonia.
Their decision is based on North Macedonia’s perceived complicity in aiding Ukraine and imposing sanctions on Russia.…
Author: Yoav Arad Pinkas
Key Findings
AI is already extensively utilized in election campaigns worldwide. Deepfakes and voice cloning have been employed in elections in three main venues:
By candidates for self-promotion.
By candidates to attack and defame political opponents.
By foreign nation-state actors to defame specific candidates.…
Summary: Chinese hackers are targeting family members of high-value individuals to surveil and gather information for more sophisticated attacks.
Key Point:
Chinese hackers from APT 31 targeted family members of U.S. politicians and activists.
Malicious email messages with tracking links were used to gather information about targets.…
Threat Actor: Pharanos Cyber Army (PCA)
Victim: Ukrainian Government-Controlled Systems
Information:
PCA claims to have successfully breached a system operated by private companies and ISPs within Ukraine.
The Ukrainian government is allegedly engaging in surveillance of its citizens.
The Ukrainian government may be utilizing the collected data to target and eliminate individuals, falsely implicating Russia or its allies.…
Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.
Key Point:
– The number of discovered and exploited zero-day vulnerabilities in enterprise-specific technology increased by 64% in 2023.
– End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response.…
Slovenia Targeted by Cyber Attacks Amidst Growing Tensions Over Support for Ukraine – Daily Dark Web
Threat Actor:
– Unknowns group
– CyberDragon group
– Cyber Army of Russia group
Victim:
– Government of Slovenia
– NLB (largest commercial bank in Slovenia)
– Chamber of Commerce and Industry
Information:
– The Unknowns group is believed to be behind the series of disruptive DDoS attacks targeting key state websites in Slovenia.…
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra
In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. The events triggered the meteoric political downfall of Prigozhin, raising questions about the future of his various enterprises that were only underscored when he died two months later under suspicious circumstances.…
Article Summary:
The U.S. military needs a cyber branch to address growing threats in cyberspace.
A report by the Foundation for Defense of Democracies calls for the establishment of a Cyber Force branch with 10,000 personnel and a $16.5 billion budget.
The report highlights inefficiencies in the current division of labor between the Army, Navy, Air Force, and Marine Corps in cyber operations.…
Article Summary:
Russian state-backed hackers are likely behind recent attacks on four small Ukrainian internet providers, disrupting operations for over a week.
The group known as Solntsepek claimed responsibility for the incidents and is believed to be behind the 2023 cyberattack on Ukraine’s largest telecommunications provider.
Ukrainian officials are tracking the threat actor behind the attack as UAC-0165, a subgroup of Sandworm run by Russia’s military intelligence agency.…
The encryptor has hit the scene recently, but without any notable leak site from the threat actor or typical ransomware branding. The ransomware note is not unique in the wording used, but it is clear the threat actor is masquerading as a pentester. This tactic has been used by other threat actors in the past and is not going to fool the victim when they come across the ransomware note on an encrypted system.…
Article Summary:
A United Nations panel is investigating 58 cyberattacks by North Korean hackers, resulting in $3 billion in revenue over six years.
The threat actors targeted defense companies and software supply chains, and carried out cryptocurrency hacks.
Stolen funds were used for technological advancements and sold for profit.…
Article Summary:
APT29, a Russian hacking group linked to SVR, is targeting political parties in Germany with phishing attacks.
The group is using a backdoor malware named WineLoader to gain remote access to compromised devices.
WineLoader has been used in previous attacks by APT29 and features encrypted communication with a C2 server.…
According to allegations, a series of DDoS attacks orchestrated by UserSec and the Cyber Army of Russia have been revealed, aiming to disrupt the operations of multiple Luxembourg websites. Reportedly, prominent targets of these purported attacks include Luxembourg’s Lux-Airport, Ministry of Foreign Affairs, and Luxembourg Stock Exchange Platform.…