Unsophisticated Cyber Actor(s) Targeting Operational Technology

CISA is increasingly aware of unsophisticated cyber actors targeting ICS/SCADA systems within U.S. critical Infrastructure sectors Oil and Natural Gas, specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presenc...

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks...

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks...

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques...

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...

Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders

Summary The Federal Bureau of Investigation FBI, Department of Homeland Security DHS, and Cybersecurity and Infrastructure Security Agency CISA assess Russian Foreign Intelligence Service SVR cyber actors—also known as Advanced Persistent Threat 29 APT 29, the Dukes, CozyBear, and Yttrium—will...