Summary: The “Stargazer Goblin” threat actor is exploiting GitHub to distribute malware through a network of over 3,000 inauthentic accounts, creating a facade of legitimacy for malicious repositories. This operation, known as the Stargazers Ghost Network, employs social engineering tactics to mislead users into trusting and downloading harmful software.…


Published On : 2024-07-25

EXECUTIVE SUMMARY

At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors, targeting both organizations and individuals. This thorough examination explores the widespread adoption of ‘Flame Stealer’, a malicious tool available for purchase on Discord and Telegram.…


Summary: A report by the Royal United Services Institute (RUSI) reveals that Russia’s cyber operations in Ukraine have shifted focus from civilian infrastructure to tactical military objectives, targeting frontline military communications and devices. This change reflects an adaptation of Russia’s cybersecurity strategy to the prolonged nature of the conflict, emphasizing the importance of signals intelligence for battlefield advantages.…


Written by: Emily Astranova, Pascal Issa

Executive Summary

AI-powered voice cloning can now mimic human speech with uncanny precision, enabling far more realistic phishing schemes. According to news reports, scammers have leveraged voice cloning and deepfakes to steal over HK$200 million from an organization. Attackers can use AI-powered voice cloning in various phases of the attack lifecycle, including initial access, lateral movement, and privilege escalation.…
1. Overview

Recently, Windows hosts running CrowdStrike’s endpoint security products suffered a serious system crash, the “Blue Screen of Death” (BSOD), which left affected systems unable to operate normally. The incident affected a wide range of sectors; Antiy urgently followed up, analyzed it, and released the report “Technical Analysis of CrowdStrike’s Large-Scale System Crash Incident – and Meditation on ‘Falcon Feather Breaking’”.…


Summary: Following a significant outage caused by a software update from CrowdStrike, malicious actors are exploiting the situation to launch phishing attacks and other scams. The U.S. cybersecurity agency CISA has warned individuals to be cautious of suspicious emails and links during this chaotic period.

Threat Actor: Malicious actors
Victim: CrowdStrike

Key Point:

CISA reported that threat actors are taking advantage of the CrowdStrike outage for phishing and other malicious activities.…

Published On : 2024-07-19

EXECUTIVE SUMMARY

In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.

Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…


Summary: Ransomware activity increased in the second quarter, with threat groups listing 1,237 organizations on data leak sites, and LockBit accounting for a significant number of victims in May. U.S.-based businesses were the most targeted, particularly in the manufacturing and professional services sectors.

Threat Actor: LockBit
Victim: Various organizations (LockBit ransomware victims)

Key Point:

Ransomware activity increased in Q2, with 1,237 organizations listed on data leak sites, a 20% increase from Q1.…

Summary: The content discusses the cybersecurity threats faced by the Paris 2024 Olympic Games and the increase in cybersecurity services spending to defend against these threats.

Threat Actor: Cybercriminals
Victim: Paris 2024 Olympic Games

Key Point:

The Paris 2024 Olympic Games will face the largest number of cybersecurity threats, with a complex threat landscape and a large ecosystem of threat actors.…

The Kimsuky APT is a North Korea-based cyber espionage group operating since at least 2012. Initially, the group targeted South Korean government entities, think tanks, and individuals identified as experts in various fields.

Tracked as: APT43, Black Banshee, Velvet Chollima, THALLIUM, ARCHIPELAGO, and Emerald Sleet

Targets and Objectives: The group primarily targets South Korea, Japan, and the United States, focusing on sectors such as national defense, education, energy, government, healthcare, and think tanks.…


Summary

Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials and gather intelligence, potentially to control aid distribution. Notable organizations affected include CARE International and the Norwegian Refugee Council.…
