How APT Naming Conventions Make Us Less Safe
Summary: The commentary discusses the confusion created by the proliferation of advanced persistent threat (APT) naming conventions in the cybersecurity industry, which complicates tracking and defense strategies. It argues for a shift towards standardized naming and a more holistic approach to cybersecurity that focuses on entire adversary organizations rather than their subdivisions.…
UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure – SOC Prime
In early 2024, a significant uptick in destructive cyberattacks targeting critical infrastructure in Ukraine was uncovered, attributed to the Russia-linked UAC-0212 group, tied to the notorious Sandworm APT collective. CERT-UA highlighted the risks posed to around 20 Ukrainian organizations across various sectors, suggesting these offensives are being used to refine tactics for broader attacks.…
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
Summary: This week’s cyber news highlights a record-breaking $1.5 billion crypto theft linked to the Lazarus Group, the banning of ChatGPT accounts for malicious activities by OpenAI, and Apple’s withdrawal of its Advanced Data Protection feature in the UK. These incidents underscore the evolving landscape of cyber threats and their impact on organizations and users alike.…
The GitVenom campaign: cryptocurrency theft using GitHub
The GitVenom campaign has emerged as a significant threat where cybercriminals create fake GitHub repositories with malicious code disguised as legitimate open-source projects. These repositories lure unsuspecting developers into executing infected code. The threat actors employ various programming languages to hide malware, which aims to steal sensitive data and perform unauthorized actions.…
GitVenom Campaign: Malicious GitHub Repositories Target Crypto and Credentials
Summary: Kaspersky Labs has identified a significant cybercrime campaign known as GitVenom, which targets GitHub users by distributing malicious repositories designed to steal cryptocurrency and sensitive credentials. This campaign utilizes fake open-source projects to exploit developers’ trust, with various coding languages employed to deliver hidden malware.…
Philippine Army Suffers Massive Data Breach by Philippine Exodus Security
Summary: A significant cybersecurity breach has been reported within the Philippine Army, resulting in the exposure of sensitive data about military personnel. The hacking group Philippine Exodus Security claims to have stolen extensive classified information, including personal and operational details of soldiers. This incident raises serious concerns about national security and the vulnerabilities of the army’s cybersecurity defenses.…
Bloody Wolf Cybercrime Group Evolves Tactics, Expands Targets
Summary: The BI.ZONE Threat Intelligence team reports on the Bloody Wolf cybercrime group’s evolution, noting a significant expansion in their targeting and tactics. They now exploit widely used remote administration tools like NetSupport to conduct campaigns against organizations in Kazakhstan and Russia, compromising over 400 systems. This shift emphasizes the need for behavior-based threat detection, as traditional defenses struggle against their techniques.…
Proofpoint Research: 2024 Account Takeover Statistics
The article discusses the prevalence of account takeover (ATO) attacks, highlighting that a staggering 99% of monitored organizations experienced ATO attempts in 2024. Despite the effectiveness of multifactor authentication, many accounts remained vulnerable. The data reveals that sectors such as education, electronics, aerospace, legal services, food & beverage, and financial services were significantly impacted by ATOs.…
Cybersecurity News Review — Week 8 (2025)
This week’s cybersecurity updates reveal critical vulnerabilities in several platforms like OpenSSH, Atlassian products, and Palo Alto Networks firewalls. There are also reports of new phishing techniques, malware campaigns targeting sensitive data, and alarming data breaches affecting healthcare organizations.

Affected: OpenSSH, Atlassian (Confluence, Bamboo, Bitbucket, Jira, Crowd), Palo Alto Networks, Signal Messenger, Australian Infrastructure, HCRG Care Group, DM Clinical Research

Keypoints:

Two critical vulnerabilities in OpenSSH could lead to man-in-the-middle and denial-of-service attacks.…
Black Basta’s Internal Chats Leak: Everything You Need to Know
On February 11, 2025, leaked internal chat logs from the notorious Black Basta ransomware group surfaced, exposing internal conflicts and their alleged targeting of Russian banks. The revelations include significant instability within the group, with key members defecting and operational weaknesses laid bare. SOCRadar’s intelligence findings present critical Indicators of Compromise (IoCs) which may aid organizations in defending against potential attacks.…
German election targeted by Russian disinformation, security services warn
Summary: Germany’s security services have issued a warning about fake videos that falsely depict ballot manipulation ahead of the upcoming federal elections, labeling the incidents as part of a Russian information operation. These videos, which target the far-right Alternative für Deutschland (AfD) party, are believed to be linked to a group known as Storm-1516, previously involved in U.S.…
Angry Likho: Old beasts in a new forest
Angry Likho, an APT group also known as Sticky Werewolf, has been active since 2023, targeting government agencies and large organizations primarily in Russia and Belarus through spear-phishing campaigns. The group employs sophisticated techniques involving malicious RAR archives, obfuscated scripts, and known payloads like the Lumma stealer to harvest sensitive data, maintaining ongoing operations with periodic activity pauses.…
AI-Powered Deception is a Menace to Our Societies
Summary: The article discusses the historical and contemporary impact of propaganda and information manipulation, particularly in the context of AI and social media. It highlights how AI tools have evolved to deceive people, leading to polarized viewpoints and potentially undermining democratic processes. The need for awareness and education to combat these deception tactics is emphasized for individuals and organizations.…
Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report discusses the evolving landscape of cybercrime and state-sponsored threats targeting the financial sector, focusing on Initial Access Brokers (IABs), ransomware groups, and Trojan operators. It highlights the roles of various actors and techniques, showcasing the persistent threat posed by these entities through sophisticated malware, exploitation of vulnerabilities, and collaborative tactics.…
Black Basta ransomware gang’s internal chat logs leak online
Summary: An unknown individual has leaked internal chat logs from the Black Basta ransomware operation, revealing extensive information regarding their activities, tactics, and potential targets. The leak was attributed to tensions within the gang and may be a reaction to their targeting of Russian banks. Cyber threat analysts believe this incident could significantly impact the group’s operations, similar to previous ransomware leaks.…