Published On : 2024-07-19

EXECUTIVE SUMMARY

In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.

Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…


Summary: Ransomware activity increased in the second quarter, with threat groups listing 1,237 organizations on data leak sites, and LockBit accounting for a significant number of victims in May. U.S.-based businesses were the most targeted, particularly in the manufacturing and professional services sectors.

Threat Actor: LockBit

Victim: Various organizations

Key Point:

Ransomware activity increased in Q2, with 1,237 organizations listed on data leak sites, a 20% increase from Q1.…

Summary: The content discusses the cybersecurity threats faced by the Paris 2024 Olympic Games and the increase in cybersecurity services spending to defend against these threats.

Threat Actor: Cybercriminals

Victim: Paris 2024 Olympic Games

Key Point:

The Paris 2024 Olympic Games will face the largest number of cybersecurity threats, with a complex threat landscape and a large ecosystem of threat actors.…

The Kimsuky APT is a North Korea-based cyber espionage group operating since at least 2012. Initially, the group targeted South Korean government entities, think tanks, and individuals identified as experts in various fields.

Tracked as: APT43, Black Banshee, Velvet Chollima, THALLIUM, ARCHIPELAGO, and Emerald Sleet

Targets and Objectives: The group primarily targets South Korea, Japan, and the United States, focusing on sectors such as national defense, education, energy, government, healthcare, and think tanks.…


Summary

Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials and gather intelligence, potentially to control aid distribution. Notable organizations affected include CARE International and the Norwegian Refugee Council.…


Summary: Japanese organizations are being targeted by the North Korean ‘Kimsuky’ threat actors, who use social engineering and phishing to gain initial access to networks and deploy custom malware to steal data and maintain persistence.

Threat Actor: Kimsuky

Victim: Japanese organizations

Key Point:

The North Korean ‘Kimsuky’ threat actors are targeting Japanese organizations.…

Summary: This article discusses the shift in tactics of ransomware groups, who are now stealing sensitive information instead of just encrypting files and demanding ransom payments.

Threat Actor: Various ransomware groups

Victim: Multiple victims targeted by the ransomware groups

Key Point:

Ransomware groups are developing custom malware to steal sensitive information from victims.…

Written by: John Hultquist


As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable.…


Summary: This content discusses the arrest of 54 individuals involved in a vishing fraud scheme that targeted Spanish senior citizens, resulting in €2.5m ($2.7m) in losses. Additionally, Interpol’s “Operation First Light 2024” led to the arrest of thousands of suspects involved in various scams globally.

Threat Actor: Vishing fraud gang

Key Points:

The Spanish National Police, Mossos d’Esquadra, and Portuguese Judicial Police have arrested 54 individuals suspected of participating in a vishing fraud scheme that targeted Spanish senior citizens.…

Published On : 2024-07-06

EXECUTIVE SUMMARY

At CYFIRMA, we deliver timely insights into prevalent threats and malicious tactics impacting organizations and individuals. Our research team recently discovered a RAR archive in the wild, likely distributed via spam or phishing emails. This archive contains a loader binary that, upon infection, deploys batch and PowerShell scripts designed to collect sensitive user information.…

Table of Contents: Overview; Distribution Method and Changes (Distribution Method; Changes to HappyDoor); Detailed Analysis (Summary; Characteristics; Registry Data; Packet Data; Packet Structure and Server Operation Method); Features (Information Theft; Backdoor); Conclusion

This report is a summarized version of “Analysis Report of Kimsuky Group’s HappyDoor Malware” introduced in AhnLab Threat Intelligence Platform (TIP), containing key information for analyzing breaches. …


We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.

Introduction

The Mekotio banking trojan is a sophisticated piece of malware that has been active since at least 2015, primarily targeting Latin American countries with the goal of stealing sensitive information — particularly banking credentials — from its targets.…


Summary: The content discusses the emergence of the FakeBat loader as a prominent threat in the first half of 2024, which utilizes the drive-by download technique to spread malware.

Threat Actor: FakeBat loader

Victim: Unsuspecting users

Key Point:

The FakeBat loader, also known as EugenLoader or PaykLoader, is a threat that utilizes the drive-by download technique to spread malware.…

Summary: Spanish and Portuguese police have arrested 54 individuals suspected of participating in a vishing fraud scheme that targeted Spanish senior citizens, resulting in €2.5m ($2.7m) in losses.

Threat Actor: Unknown

Victim: Spanish senior citizens

Key Point:

54 individuals have been arrested in Spain and Portugal for participating in a vishing fraud scheme that targeted Spanish senior citizens.…