
24 matches found

The Hacker News
added 2025/03/05 3:44 p.m. | 61 views

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings...

CVSS 10 | AI score 9 | EPSS 0.94358
Exploits: 478

The Hacker News
added 2024/05/06 1:47 p.m. | 35 views

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced...

CVSS 8.6 | AI score 7.2 | EPSS 0.17378
Exploits: 2

The Hacker News
added 2023/09/11 1:24 p.m. | 29 views

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballistic Bobcat...

AI score 6.7
Exploits: 0

Hive Pro Threat Advisories
added 2023/07/21 2:53 p.m. | 26 views

Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor

Summary: DeliveryCheck, a .NET-based backdoor, targets Ukraine's defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...

AI score 6.8
Exploits: 0

The Hacker News
added 2023/07/07 10:20 a.m. | 31 views

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature. Th...

AI score 7.1
Exploits: 0

Microsoft Malware Protection
added 2023/07/06 5:0 p.m. | 49 views

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an...

CVSS 10 | AI score 8.1 | EPSS 0.94194
Exploits: 23

Hive Pro Threat Advisories
added 2023/05/29 6:51 a.m. | 17 views

PowerExchange Backdoor and Web Shells Breach at UAE Government Agency

Summary: A high-severity attack targeted a UAE government agency, utilizing a custom PowerShell backdoor named PowerExchange and web shells on Microsoft Exchange servers. To receive real-time threat advisories,...

AI score 6.8
Exploits: 0

GithubExploit
added 2023/02/21 2:59 a.m. | 228 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...

CVSS 8.5 | AI score 8.5 | EPSS 0.90862
Exploits: 11

The Hacker News
added 2022/06/28 11:30 a.m. | 195 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

CVSS 9.8 | AI score 2.2 | EPSS 0.94313
Exploits: 63

ThreatPost
added 2022/06/22 12:18 p.m. | 36 views

Elusive ToddyCat APT Targets Microsoft Exchange Servers

An advanced persistent threat (APT) group, dubbed ToddyCat, is believed behind a series of attacks targeting Microsoft Exchange servers of high-profile government and military installations in Asia and Europe. The campaigns, according to researchers, began in December 2020, and have been largely...

AI score 8
Exploits: 0 | References: 5

Securelist
added 2022/06/21 10:0 a.m. | 69 views

APT ToddyCat

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main...

AI score 0.1
Exploits: 0

The Hacker News
added 2022/05/12 5:36 a.m. | 33 views

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under...

AI score 0.1
Exploits: 0

The Hacker News
added 2022/04/13 1:7 p.m. | 22 views

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

The Chinese-backed Hafnium hacking group has been linked to a piece of new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from Augus...

AI score 7.6
Exploits: 0

The Hacker News
added 2021/10/04 12:48 p.m. | 310 views

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive...

CVSS 10 | AI score 2.1 | EPSS 0.94294
Exploits: 32

HackRead
added 2021/08/26 9:29 a.m. | 22 views

Unpatched Microsoft Exchange servers hit with ProxyShell attack

By Waqas. Researchers have identified 140+ webshells launched against 1,900 unpatched Microsoft Exchange servers.

AI score 2.2
Exploits: 0

Hive Pro Threat Advisories
added 2021/08/24 10:35 a.m. | 871 views

ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit (CVE-2021-36942) to compromise Windows Domain Controllers earlier this week. Using ProxyShell...

CVSS 10 | AI score 0.5 | EPSS 0.94194
Exploits: 22

The Hacker News
added 2021/08/13 9:46 a.m. | 12815 views

Hackers Actively Searching for Unpatched Microsoft Exchange Servers

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of...

CVSS 10 | AI score 0.1 | EPSS 0.94313
Exploits: 83

Rapid7 Blog
added 2021/08/06 7:45 p.m. | 64 views

Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways

Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year. So without further delay, let’s take it away! Get more DEF CON 2021 insights from our Research team on Tuesday, August 10 Sign up for our What...

AI score 0.1
Exploits: 0

The Hacker News
added 2021/03/10 5:37 a.m. | 4156 views

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, an...

CVSS 10 | AI score 0.8 | EPSS 0.94313
Exploits: 67

Malwarebytes
added 2021/03/03 12:34 p.m. | 3131 views

Patch now! Exchange servers attacked by Hafnium zero-days

Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft attributes the attacks to a group they have dubbed Hafnium. “HAFNIUM primarily targets entities in the United States across a number ...

CVSS 7.5 | AI score 10 | EPSS 0.94313
Exploits: 66