Summary: The “Stargazer Goblin” threat actor is exploiting GitHub to distribute malware through a network of over 3,000 inauthentic accounts, creating a facade of legitimacy for malicious repositories. This operation, known as the Stargazers Ghost Network, employs social engineering tactics to mislead users into trusting and downloading harmful software.…
Tag: SOCIAL ENGINEERING
Published On: 2024-07-25
EXECUTIVE SUMMARY
At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors targeting both organizations and individuals. This thorough examination explores the widespread adoption of ‘Flame Stealer’, a malicious tool available for purchase on Discord and Telegram.…
Summary: A report by the Royal United Services Institute (RUSI) reveals that Russia’s cyber operations in Ukraine have shifted focus from civilian infrastructure to tactical military objectives, targeting frontline military communications and devices. This change reflects an adaptation of Russia’s cybersecurity strategy to the prolonged nature of the conflict, emphasizing the importance of signals intelligence for battlefield advantages.…
Written by: Emily Astranova, Pascal Issa
Executive Summary
AI-powered voice cloning can now mimic human speech with uncanny precision, enabling far more realistic phishing schemes. According to news reports, scammers have leveraged voice cloning and deepfakes to steal over HK$200 million from an organization. Attackers can use AI-powered voice cloning in various phases of the attack lifecycle, including initial access, lateral movement, and privilege escalation.…
Summary: The shift to hybrid work models has increased reliance on Remote Monitoring and Management (RMM) tools, which, while beneficial for IT management, also pose significant security risks. This article explores how threat actors exploit RMM tools and offers strategies for organizations to protect themselves from these attacks.…
Recently, Windows operating system hosts running CrowdStrike’s endpoint security products encountered a serious system crash, the “Blue Screen of Death” (BSOD), which left the affected computers unable to operate normally. The incident affected a wide range of sectors, and Antiy urgently followed up, analyzed the incident, and released a report, “Technical Analysis of CrowdStrike’s Large-Scale System Crash Incident – and Meditation on ‘Falcon Feather Breaking’”.…
Black Basta is a malware that falls under the category of ransomware-as-a-service (RaaS). This software is operated by the cybercrime group known as Storm-1811. First detected in 2022, Black Basta has gained attention for its tactics.
The strategy of Black Basta involves double extortion.…
Summary: A 17-year-old boy from Walsall has been arrested by UK police for his alleged involvement in the 2023 MGM Resorts ransomware attack and as a member of the Scattered Spider hacking collective. The arrest is part of a larger investigation into a network of cybercriminals targeting large organizations with ransomware attacks.…
Summary: Following a significant outage caused by a software update from CrowdStrike, malicious actors are exploiting the situation to launch phishing attacks and other scams. The U.S. cybersecurity agency CISA has warned individuals to be cautious of suspicious emails and links during this chaotic period.
Threat Actor: Malicious actors
Victim: CrowdStrike
Key Point:
CISA reported that threat actors are taking advantage of the CrowdStrike outage for phishing and other malicious activities.…
Published On: 2024-07-21
EXECUTIVE SUMMARY
A recent update from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers due to a faulty update to the Falcon Sensor agent. Millions of Windows-based systems across the globe experienced the dreaded BSOD, causing total system crashes.…
Threat Actor: Unknown
Victim: CrowdStrike
Price: Potential financial loss due to scams
Exfiltrated Data Type: Sensitive data requests
Key Points:
Threat actors registered fake domains to exploit the CrowdStrike update issue. The malicious domains may be used for social engineering attacks, requesting sensitive information.…
Summary: A public-private initiative called Operation Spincaster has been launched to combat cryptocurrency-related phishing scams, identifying over 230 victims in the U.K. and recovering some of the £33 million lost. The operation involves collaboration between law enforcement and crypto exchanges across multiple countries to disrupt organized crime linked to these scams.…
Published On: 2024-07-19
EXECUTIVE SUMMARY
In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.
Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…
Summary: This article discusses a new Mac malware called BeaverTail that targets users through a trojanized meeting app.
Threat Actor: DPRK
Victim: Users of the trojanized meeting app
Key Point:
A new Mac malware called BeaverTail has been discovered, which is believed to be developed by the DPRK.…
Summary: Ransomware activity increased in the second quarter, with threat groups listing 1,237 organizations on data leak sites, and LockBit accounting for a significant number of victims in May. U.S.-based businesses were the most targeted, particularly in the manufacturing and professional services sectors.
Threat Actor: LockBit
Victim: Various organizations (LockBit ransomware victims)
Key Point:
Ransomware activity increased in Q2, with 1,237 organizations listed on data leak sites, a 20% increase from Q1.…
Summary: The content discusses the cybersecurity threats faced by the Paris 2024 Olympic Games and the increase in cybersecurity services spending to defend against these threats.
Threat Actor: Cybercriminals
Victim: Paris 2024 Olympic Games
Key Point:
The Paris 2024 Olympic Games will face the largest number of cybersecurity threats, with a complex threat landscape and a large ecosystem of threat actors.…
The Kimsuky APT is a North Korea-based cyber espionage group operating since at least 2012. Initially, the group targeted South Korean government entities, think tanks, and individuals identified as experts in various fields.
Tracked as: APT43, Black Banshee, Velvet Chollima, THALLIUM, ARCHIPELAGO, and Emerald Sleet
Targets and Objectives: The group primarily targets South Korea, Japan, and the United States, focusing on sectors such as national defense, education, energy, government, healthcare, and think tanks.…
Lazarus Group (APT38) is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance General Bureau, has been active since 2009, and is widely thought to be responsible for the Sony Pictures Entertainment cyber-attack in 2014.…
Summary: This article discusses the Ukrainian hacker Vyacheslav Penchukov, who was on the FBI’s ‘Most Wanted’ list for a decade.
Threat Actor: Ukrainian hacker Vyacheslav Penchukov
Victim: N/A
Key Point:
Vyacheslav Penchukov was a Ukrainian hacker who was on the FBI’s ‘Most Wanted’ list for ten years.…
Summary
Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials and gather intelligence, potentially to control aid distribution. Notable organizations affected include CARE International and the Norwegian Refugee Council.…