PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests

With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs Endpoint Detection and Response and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...

Attacks on European Union and Ukrainian government entities carried out by the Armageddon group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European...

APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat APT 10 group has been attacking government, legal, religious entities and non-governmental organizations NGOs around the world in what appears to be an espionage campaign th...

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

Prolific threat actor TA551 using new malware IcedID

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here TA551 is a financially motivated threat group that has been active at least since 2018. The gang primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution activities. IcedID, a...

Muhstik botnet adds another vulnerability exploit to its arsenal

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried out...

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...

LAPSUS$ – New extortion group involved in the breach against Nvidia, Microsoft, Okta and Samsung

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Lapsus$ DEV-0537 is an extortion threat group that first appeared on December 10, 2021, and has since breached the Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Octa, and Microsoft. Unlike other extortionis...

AvosLocker Ransomware group has targeted 50+ Organizations Worldwide

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...

New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML CVE-2021-40444, which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it...

Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have issued an alert for enterprises that Russian state-sponsored cyber attackers have obtained network access by exploiting...

Russian threat actor UAC-0056 targets European countries

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...

Pandora Ransomware Targets Multiple Plants around the Globe

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Pandora ransomware is a new operation that targets business networks and obtains data for double-extortion assaults and active since March 2022. DENSO, a Japanese auto parts manufacturers plant in Germany, and Global Wafers...

LockBit 2.0 Ransomware affiliates targeting Renowned Organizations

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Since September 2021, LockBit 2.0 has targeted 500+ organizations in vital areas globally. The most recent attack targeted well-known tire producer Bridgestone, software behemoth Accenture, and the French Ministry of Justice...

RangnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Federal Bureau of Investigation FBI has released an alert on Ragnarlocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing,...

Chinese state-sponsored threat group APT41 targets U.S. critical organizations using two Zero-Days

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A China state-sponsored threat group known as APT41 is observed compromising at least six U.S. state governments networks in a threat campaign beginning from May 2021. APT41 is a well-known Chinese state-sponsored espionage...