3711 matches found
Winter Vivern with Pro-Russian Objectives Targets Government
Actor Report. Summary: The Winter Vivern Advanced Persistent Threat (APT) is a relatively underreported group that operates with pro-Russian objectives and targets government agencies. To receive real-time threat advisories, plea...
New 'Bad Magic' Cyber Threat Disrupts Ukraine's Key Sectors Amid War
Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. "Although the initial vector of...
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions
U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS)...
New YoroTrooper Threat Actor Targeting Government and Energy Organizations
Actor Report. Summary: A new threat actor named "YoroTrooper" has been conducting espionage campaigns since at least June 2022. The group's main motivation appears to be espionage, and they register malicious domains or...
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign...
APT Actors Exploited Telerik Vulnerability in Govt IIS Server – CISA
By Deeba Ahmed. According to a joint advisory from the US CISA (Cybersecurity and Infrastructure Security Agency), the FBI (Federal Bureau… This is a post from HackRead.com.
Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine
Welcome to this week's edition of the Threat Source newsletter. We've written a ton about Cisco Talos' support of Ukraine and our friends and allies there. Now, we encourage you to watch and listen to the folks who have been working hands-on there. The latest episode of ThreatWise TV from Hazel Burt...
YoroTrooper Stealing Credentials and Information from Government and Energy Organizations
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials...
Introducing MDBR+: Customized Security for Government Organizations
...
Tick Launches Attack on East Asian Data-Loss Prevention Software Company
Attack Report. Summary: Tick, an APT group, attacked an East Asian data-loss prevention software company, compromising update servers and distributing malware, using trojanized installers, to access computers of government and...
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the...
CVE-2023-23392
creationtimestamp | type | source
---|---|---
2023-03-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=989...
CVE-2023-21708
creationtimestamp | type | source
---|---|---
2023-03-14 19:23:16+00:00 | seen | https://t.me/cibsecurity/59981
2023-03-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=989
2023-03-15 07:54:44+00:00 | exploited | https://t.me/kasperskyb2b/516...
The Prolificacy of LockBit Ransomware
Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in Septembe...
New KamiKakaBot Malware Targeting Government Entities in ASEAN Countries
Attack Report. Summary: The new KamiKakaBot malware has been discovered targeting government entities in ASEAN countries, with the Dark Pink APT group believed to be behind the campaign...
Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at...
KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets
The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was extensively profiled by Group-IB earlier this year, describing...
SYS01 Stealer Targets Government and Manufacturing Industry
Attack Report. Summary: The SYS01 stealer has been targeting critical government infrastructure employees, manufacturing companies, and other industries, and using various delivery technique...
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the...