
36 matches found

Trend Micro Simply Security
added 2025/08/14 12:0 a.m., 2 views

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks

Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies...

7.4 AI score
Exploits: 0

The Hacker News
added 2024/12/04 5:23 p.m., 6 views

Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities

The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, firs...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2024/12/04 3:45 p.m., 6 views

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Executive Summary: Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...

7.5 AI score
Exploits: 0

The Hacker News
added 2024/11/11 11:57 a.m., 25 views

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10)

⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car's tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn't fiction; it's the new cyber reality...

10 CVSS, 10 AI score, 0.94439 EPSS
Exploits: 44

The Hacker News
added 2024/09/09 5:30 a.m., 20 views

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is...

7.5 AI score
Exploits: 0

The Hacker News
added 2024/05/06 1:47 p.m., 35 views

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced...

8.6 CVSS, 7.2 AI score, 0.17378 EPSS
Exploits: 2

Talos Blog
added 2023/10/25 12:1 p.m., 27 views

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. The actor also appears to have a defensive interest in t...

7.5 AI score
Exploits: 0

The Hacker News
added 2023/06/20 11:55 a.m., 38 views

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Vict...

6.9 AI score
Exploits: 0

The Hacker News
added 2023/06/20 11:55 a.m., 2 views

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Vict...

6.9 AI score
Exploits: 0

The Hacker News
added 2023/05/23 1:56 p.m., 41 views

North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware

The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of...

6.7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/04/26 5:6 a.m., 19 views

New Tomiris APT Group Targets Governments

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Tomiris is a Russian-speaking advanced persistent threat (APT) group that has been active since at least 2021 and is known for its use of sophisticated tactics and tools, including zero-day exploits and...

6.8 AI score
Exploits: 0

Positive Technologies
added 2023/03/07 12:0 a.m., 2 views

PT-2023-1654 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.2.3; Fortinet FortiOS versions 7.0.0 through 7.0.9; Fortinet FortiOS versions before 6.4.11. Description: The issue is related to an improper limitation of a pathname to a restricted directory...

7.1 CVSS, 7.4 AI score, 0.00222 EPSS
Exploits: 0, References: 37

The Hacker News
added 2023/03/03 9:56 a.m., 2 views

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/02/24 7:55 a.m., 125 views

New Attack Group Clasiopa Targets Materials Research Organization in Asia with Custom Malware

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A new attack group called Clasiopa has been observed targeting materials research organizations in Asia using a distinct toolset that includes a custom malware called Backdoor.Atharvan. It is unclear wher...

2.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/02/23 9:23 a.m., 15 views

Newly Identified Threat Actor Hydrochasma Targets Shipping Companies and Medical Laboratories in Asia

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Hydrochasma is a newly identified threat actor that has been targeting shipping companies and medical laboratories in Asia since October 2022. This group's primary focus appears to be on intelligence...

0.9 AI score
Exploits: 0

The Hacker News
added 2023/01/26 2:34 p.m., 28 views

Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups,...

1 AI score
Exploits: 0

The Hacker News
added 2023/01/11 9:32 a.m., 59 views

Dark Pink APT Group Targets Governments and Military in APAC Region

Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per latest research conducted by Albert Priego of Group-IB. The Singapore-headquartered company, in a report shared with The Hacker News, said it's...

1.8 AI score
Exploits: 0

Wired Threat Level
added 2022/04/27 11:0 a.m., 10 views

Russia Is Being Hacked at an Unprecedented Scale

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before...

2.3 AI score
Exploits: 0

The Hacker News
added 2022/04/14 4:52 a.m., 77 views

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple...

5.5 CVSS, 7 AI score, 0.03732 EPSS
Exploits: 1

Microsoft Malware Protection
added 2021/12/06 9:0 p.m., 23 views

NICKEL targeting government organizations across Latin America and Europe

The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016...

0.7 AI score
Exploits: 0