84 matches found
Vulnerabilities & Threats that Matter 25 – 31st July
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 462 7 4 52 22 64 For a detailed threat digest, download the pdf file here Summary The Last week of July 2022 witnessed the discovery of 462 vulnerabilities out of which 7...
APT29 utilizes cloud storage service to deliver malicious payloads
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary APT29, a cyber espionage gang uses cloud storage services such as Google Drive and Dropbox to distribute malware to compromised systems. The gang used a phishing campaign that targeted several Western diplomatic...
Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads — The Hacker News
The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several...
Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection
Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated wit...
Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 aka Co...
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved t...
New Malware Used by SolarWinds Attackers Went Undetected for Years
The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent...
Mitigation of Supply Chain Risks in Microsoft 365
In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...
Tenacity 2.0 – Emulating Threat groups
Introduction The previous article: Tenacity – An Adversary Emulation Tool for Persistence, walked us through the working of Tenacity, techniques it supports, and how it can help organizations and individuals to validate the risk posture. As with the second installment of the series, this post wil...
Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers
Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services AD FS servers. The tech giant's Threat Intelligence Center MSTIC...
Experts Uncover Several C&C Servers Linked to WellMess Malware
Cybersecurity researchers on Friday unmasked new command-and-control C2 infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the...
Malware Makers Using ‘Exotic’ Programming Languages
Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...
Attackers Breach Microsoft Customer Service Accounts
The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to specific organizations — primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customer...
Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the...
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
Cyber operatives affiliated with the Russian Foreign Intelligence Service SVR have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operato...
Ryuk Ransomware Attack Sprung by Frugal Student
A European biomolecular research institute involved in COVID-19 research lost a week’s worth of research data, all thanks to a Ryuk ransomware attack traced back to a student trying to save money by buying unlicensed software. Security researchers at Sophos described the attack in a report...
A Tale of Two Hacks: From SolarWinds to Microsoft Exchange
The past four months have exposed two high-profile attacks, which both had pundits declaring them the “worst-ever” and “unprecedented.” They shared other similarities – both attacked businesses rather than individuals, and affected tens of thousands of organizations. But that is where the...
FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers
The U.S. Cybersecurity and Infrastructure Security Agency CISA, Department of Homeland Security DHS, and the Federal Bureau of Investigation FBI on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures TTPs adopted by the Russian...
Researchers Find Additional Infrastructure Used By SolarWinds Hackers
The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic...
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency NSA, which...