5 matches found
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
The Computer Emergency Response Team of Ukraine CERT-UA has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...
RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage
The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant PCA to execute malicious commands. "The Program Compatibility Assistant Service pcalua.exe is a Windows service designed to identify and address...
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB h...
Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization
An advanced persistent threat APT actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report...
Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious...