Operation-Molasses

🍯 OPERATION MOLASSES PEKMEZ Zencefil Efendi's Cyber Dow...

Libraesva ESG 4.5 < 5.0.31 / 5.1.20 / 5.2.31 / 5.3.16 / 5.4.8 / 5.5.7 Command Injection (CVE-2025-59689)

The version of Libraesva ESG installed on the remote host is affected by a command injection flaw as referenced in the CVE-2025-59689 advisory. The vulnerability is triggered by an improper sanitization mechanism when removing active code from specific compressed archive formats. An attacker can...

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking...

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle AiTM position to deploy their custom ApolloShadow malware. ApolloShadow has the...

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline , which is assessed with medium confidence to be a sub-cluster within OilRig, a known...

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...

Cloudflare Hacked After State Actor Leverages Okta Breach

By Deeba Ahmed CloudFlare Servers Were Hacked on Thanksgiving Day Using Auth Tokens Stolen in Okta Breach. This is a post from HackRead.com Read the original post: Cloudflare Hacked After State Actor Leverages Okta Breach...

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...

PT-2024-15283 · Undefined · Undefined

🚨 ZeroDay Alert in Ivanti VPN! CVE-2023-846805 & CVE-2024-21887 let attackers bypass 2FA & run code. 🛡️ Volexity links this to UTA0178, a suspected state-level actor. Urgent patching needed! 💻🔐 CyberSecurity IvantiVPN InfoSec...

Star Blizzard increases sophistication and evasion in ongoing attacks

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard formerly SEABORGIUM, also known as COLDRIVER and Callisto Group. Star Blizzard has improved their detection evasion capabilities since 2022 while...

DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan

The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are als...

Update now! Atlassian Confluence vulnerability is being actively exploited

Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defende...

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 aka DarkShadow or Oro0lxy. The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability...

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARKMULE. The scale of the attacks i...

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account MSA consumer signing key used to forge Azure Active...

JumpCloud Blames 'Sophisticated Nation-State' Actor for Security Breach

A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary "gained unauthorized access to our systems to target a small and specific set of our customers," Bob...

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targete...

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

MERCURY and DEV-1084: Destructive attack on hybrid environment

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...

MERCURY and DEV-1084: Destructive attack on hybrid environment

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...