24 matches found
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as...
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager LTM module to conduct reconnaissance of target networks. It said the module is being used to...
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Summary The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and National Security Agency NSA assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate GRU 161st Specialist Training Center Unit 29155 are responsible...
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard aka APT29 or Cozy Bear managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that...
Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard formerly Nobelium, a...
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Russian state-sponsored actors have staged NT LAN Manager NTLM v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing...
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise HPE...
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard formerly SEABORGIUM, also known as COLDRIVER and Callisto Group. Star Blizzard has improved their detection evasion capabilities since 2022 while...
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard formerly SEABORGIUM, also known as COLDRIVER and Callisto Group. Star Blizzard has improved their detection evasion capabilities since 2022 while...
CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks
The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with...
Attackers target Ukraine using GoMet backdoor
Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...
U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
CISA and the Federal Bureau of Investigation FBI have updated the joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with U.S. government attribution to Russian state-sponsored malicious cyber actors. The United...
Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
Summary Multifactor Authentication MFA: A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization...
CISA Warns CISOs to Brace for Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA, a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture. This is...
New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's...
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
CISA and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication MFA protocols. The actors then exploited a critical Windows Print Spooler...
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...
Russian state-sponsored cyber actors targeting U.S. critical infrastructure
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here In a joint cybersecurity advisory, the Federal Bureau of Investigation FBI, the National Security Agency NSA, the Cybersecurity and Infrastructure Security Agency CISA revealed that Russian state-sponsored threat actors target...
This Week in Security News - February 18, 2022
SMS PVA services' use of infected Android phones reveals flaws in SMS verification, and 'Russian state-sponsored cyber actors' cited in hacks of U.S. defense contractors...
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 202...