18 matches found
CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures
The Computer Emergency Response Team of Ukraine CERT-UA has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an...
Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the...
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable informati...
Attacks, Vulnerabilities and Actors 7 August to 13 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of eleven attacks executed, three vulnerabilities, and three different adversaries...
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic aka Red Stinger, has not only been linked to a fresh sophisticated...
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
The Russia-linked APT29 aka Cozy Bear threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT...
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide rang...
Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents
A state-sponsored advanced persistent threat APT actor newly christened APT42 formerly UNC788 has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the...
Chinese Hackers Target Government Officials in Europe, South America, and Middle East
A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrati...
Nation-state Hackers Target Journalists with Goldbackdoor Malware
Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believ...
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the...
Charming Kitten Sharpens Its Claws with PowerShell Backdoor
The Iranian advanced persistent threat APT Charming Kitten is sharpening its claws with a new set of tools, including a novel PowerShell backdoor and related stealth tactics, that show the group evolving yet again. The new tools may signal that it’s getting ready to pounce on new victims,...
‘Tomiris’ Backdoor Linked to SolarWinds Malware
Researchers have discovered a campaign delivering a previously unknown backdoor they’re calling Tomiris. Analysis of the new malware suggests that we may not have heard the last from the Nobelium advanced persistent threat APT behind the sprawling SolarWinds supply-chain attacks of 2020. Namely,...
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data
Sophisticated cybercriminals have been trying to steal COVID-19 vaccine research – and researchers say there’s more of that to come going into 2021. Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of...
Trojanized Security Software Hits South Korea Users in Supply-Chain Attack
Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools RATs on target systems. Attributing the operation to the Lazarus Group, also known as Hidden...
COVID-19 Clinical Trials Slowed After Ransomware Attack
A ransomware attack has hit eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines. The attackers could be financially motivated — or could be backed by a nation-state looking to gain...
NSO Group Impersonates Facebook Security Team to Spread Spyware — Report
According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Grou...
Malaysian flight MH370 tragedy abused by Chinese hackers for Espionage attacks
The Mysterious Malaysian Airlines flight MH370, a Boeing 777-200 aircraft that has gone missing by the time it flew from Kuala Lumpur to Beijing. The Malaysian Prime Minister had also confirmed that the Malaysia Airlines plane had crashed in a remote part of the southern Indian Ocean. Cyber...