Estimated reading time: 6 minutes
Cerber is a strain of ransomware that was first identified in early 2016. It is a type of malware that encrypts a victim’s files and demands a ransom for the decryption key needed to unlock the files. Cerber, like many other ransomware variants, typically targets individuals and organizations by encrypting their files and demanding a ransom payment (usually in cryptocurrencies like Bitcoin) for the decryption key.…
The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.…
High
Analysis SummaryAPT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.…
Headlace backdoor capable of facilitating multiple malicious actions on objectives.
It is unclear precisely how many entities were impacted by the campaign, but our analysis indicates that organizations in the following countries were targeted: Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania.…
In 2021, Anonymous declared a cyber war against Russia after the Ukraine invasion, with similar tactics seen in the Israel-Hamas conflict. Main attacks:
Denial of Service Attacks: These attacks flood websites with excessive traffic, rendering them unavailable to legitimate users for extended periods.…This post is also available in: 日本語 (Japanese)
Executive SummaryEarly this year, Ukrainian cybersecurity researchers found Fighting Ursa leveraging a zero-day exploit in Microsoft Outlook (now known as CVE-2023-23397). This vulnerability is especially concerning since it doesn’t require user interaction to exploit. Unit 42 researchers have observed this group using CVE-2023-23397 over the past 20 months to target at least 30 organizations within 14 nations that are of likely strategic intelligence value to the Russian government and its military.…
In 2023, our Positive Technologies Computer Security Incident Response Team (PT CSIRT) discovered that a certain power company was compromised by the Decoy Dog trojan. According to the PT CSIRT investigation, Decoy Dog has been actively used in cyberattacks on Russian companies and government organizations since at least September 2022. This trojan was previously discussed by NCIRCC, Infoblox, CyberSquatting, and Solar 4RAYS.…
The message itself came from the official account of the hotel merchant, Tas has contacted them before via this method to inquiry information about the hotel room.…
More and more people nowadays prefer to buy goods online. And why not? It’s convenient, goods will be delivered to your doorstep, and if you choose one of many online marketplaces, it’s even possible to save some money. Sadly, scammers abuse this, targeting these services and their customers for the scammer’s benefit.…
Authors: Shilpesh Trivedi and Nisarga C M
In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical concern due to its exploitation by various advanced persistent threat (APT) groups, who have used it to gain control of victim systems through deceptive methods.…
Newly discovered open source software packages on the npm platform contain scripts that broadcast peace messages related to ongoing conflicts in Ukraine and on the Gaza Strip when they are deployed, according to research conducted by ReversingLabs.
The packages are just the latest examples of so-called “protestware,” a recurrent issue in the open source software ecosystem in which application developers conceal political messages inside open source code, often designing it to display to the user after an application is installed or when it is executed.…
Audience-Role: Security Leadership | Sector: Government
Disinformation campaigns to attempt to disrupt or influence European elections continue. A recent example in Spain shows how they can be structured to target niche groups.The recent years have seen an increase in information operations aimed at interfering with the election processes in Europe.…
Resecurity has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware attackers have targeted energy installations in North America, Asia, and the European Union. In the EU, Handelsblatt reported that ransomware attacks targeting the energy sector more than doubled in 2022 over the previous year, with defenders recording 21 attacks through the past October.…
In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and dangerous aggressive threat actor. By continuously tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out its link with known APT groups, confirmed its high-level persistent threat nature, and following the operational name, named this APT group DarkCasino.…
In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control systems (ICS) / operational technology (OT).…
The hacker collective called GhostSec has unveiled an innovative Ransomware-as-a-Service (RaaS) framework called GhostLocker. They provide comprehensive assistance to customers interested in acquiring this service through a dedicated Telegram channel. Presently, GhostSec is focusing its attacks on Israel. This move represents a surprising departure from their past activities and stated agenda.…
The login page for the criminal reshipping service SWAT USA Drop.
One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.…
Published On : 2023-11-03
Ransomware of the WeekCYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization.
Type: Ransomware.Target Technologies: MS Windows.…
When searching for necessary software, users often visit seemingly safe websites and torrent trackers to download, install and use programs. But are these programs truly safe? Illegal software could contain threats of all kinds, from miners to complex rootkits. The danger of malware spreading through dubious software downloads is not new and has now reached a global scale.…