Hivepro advisories, sorted by most viewed
1589 matches found

hivepro | added 2023/03/17 7:20 a.m. | 21 views
New YoroTrooper Threat Actor Targeting Government and Energy Organizations
Actor Report. A new threat actor named "YoroTrooper" has been conducting espionage campaigns since at least June 2022. The group's main motivation appears to be espionage, and they register malicious domains or...
AI score 1.7 | Exploits 0

hivepro | added 2023/03/03 8:32 a.m. | 21 views
New MQsTTang Backdoor from Mustang Panda Targets Political and Governmental Organizations
Attack Report. HiveForce Labs describes a new custom backdoor called MQsTTang, attributed to the Mustang Panda APT group. The backdoor is part of an ongoing campaign that began in early January...
AI score 1.6 | Exploits 0

hivepro | added 2023/02/27 12:00 p.m. | 21 views
Actors, Threats and Vulnerabilities 20 February to 26 February 2023
Weekly digest. HiveForce Labs identified five active threat actors over the past week. The Earth Kitsune APT and Lazarus Group are North Korea-based groups that focus on...
AI score 0.9 | Exploits 0

hivepro | added 2023/01/11 6:17 a.m. | 21 views
PatchWork gang dropped a variant of the BADNEWS Trojan
Actor Report. Patchwork deployed a variant of the BADNEWS (Ragnatela) Remote Administration Trojan that used malicious RTF files in its most recent campaign. The group's project name and control panel are named...
AI score 2.3 | Exploits 0

hivepro | added 2022/12/07 10:44 a.m. | 21 views
Recent Lazarus campaign leveraged Crypto App to spread AppleJeus malware
Attack Report. The Lazarus Group was observed using fake cryptocurrency apps as a lure to deliver a previously unidentified version of the AppleJeus malware, masquerading as malicious Microsoft Office...
AI score 1.6 | Exploits 0

hivepro | added 2022/06/21 2:18 p.m. | 21 views
New vulnerability allows attackers to take over entire WordPress website
Vulnerability Report. An unauthenticated attacker can call multiple methods in a Ninja Forms class in order to inject objects and eventually achieve Remote Code Execution (RCE)...
AI score 5.2 | Exploits 0

hivepro | added 2022/02/07 2:23 p.m. | 21 views
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
Threat Level: Red. United States Cyber Command (USCYBERCOM) has warned of an ongoing cyber attack by the Iranian state-sponsored actor MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
AI score 0.1 | Exploits 0

hivepro | added 2024/06/04 10:40 a.m. | 20 views
Attacks, Vulnerabilities and Actors 27 May to 02 June 2024
Weekly digest. In the past week alone, HiveForce Labs tracked four executed attacks, three newly uncovered vulnerabilities, and two active adversaries that were...
CVSS 9.6 | AI score 7.6 | EPSS 0.1002 | Exploits 3

hivepro | added 2024/05/24 5:38 a.m. | 20 views
REF4578 Campaign Unleashes the Highly Modular GhostEngine Malware
...
AI score 7.3 | Exploits 0

hivepro | added 2024/05/23 11:18 a.m. | 20 views
Breaking Down Andariel APT's Strike on South Korean Entities
...
AI score 7.3 | Exploits 0

hivepro | added 2024/05/22 4:25 a.m. | 20 views
Metamorfo Banking Trojan Targets the Americas
...
AI score 7.3 | Exploits 0

hivepro | added 2024/05/20 1:02 p.m. | 20 views
DarkGate Malware: Persistent Threat in Active Distribution
...
AI score 7.3 | Exploits 0

hivepro | added 2024/04/26 12:30 p.m. | 20 views
A Zero-Day Vulnerability in CrushFTP Results in Server Compromise
...
AI score 7.3 | Exploits 0

hivepro | added 2024/04/10 1:44 p.m. | 20 views
Critical Rust Flaw Renders Windows Systems Vulnerable
...
AI score 7.3 | Exploits 0

hivepro | added 2024/04/03 2:28 a.m. | 20 views
Stealer Malwares Delivered Through Malicious Ads and Bogus Websites
Threat Level: Red | Attack Report. Two distinct stealer malware programs, including Atomic Stealer, are being distributed to Apple macOS users through deceptive advertisements and counterfeit websites. These attacks have infected victims' macOS devices with infostealers.
AI score 6.8 | Exploits 0

hivepro | added 2024/03/19 7:26 p.m. | 20 views
LockBit Takedown and Resurgence
What happened? In a coordinated effort, the National Crime Agency, Europol and multiple other international law enforcement agencies dealt a significant blow to the operations of the LockBit ransomware group. Dubbed Operation Cronos, this multi-agency initiative led to the seizure of LockBit's dark w...
CVSS 9.8 | AI score 9.9 | EPSS 0.08003 | Exploits 3

hivepro | added 2024/03/14 6:15 p.m. | 20 views
VCURMS and STRRAT Trojans Using AWS and GitHub as Launchpads
A phishing campaign is targeting personnel, enticing them to click a seemingly innocuous button to verify payment details. Clicking it downloads a malicious JAR file hosted on Amazon Web Services (AWS) onto the victim's device. This malicious file...
AI score 7.3 | Exploits 0

hivepro | added 2024/03/08 1:27 p.m. | 20 views
GhostSec and Stormous Join Forces for a Ransomware Blitz
The GhostSec and Stormous ransomware groups have launched a joint campaign, introducing the GhostLocker 2.0 ransomware and the STMXGhostLocker ransomware-as-a-service (RaaS) program. Both groups use double-extortion tactics, posing a significant threat to businesses...
AI score 7.1 | Exploits 0

hivepro | added 2024/02/23 6:15 a.m. | 20 views
RansomHouse's MrAgent Reshaping Automation in Cyber Attacks
Threat Level: Amber | Attack Report. The RansomHouse group, operating as a Ransomware-as-a-Service (RaaS) entity, has introduced a tool named MrAgent that automates deployment of its data encryptor across multiple hypervisors.
AI score 7.2 | Exploits 0

hivepro | added 2024/02/21 2:22 p.m. | 20 views
Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent
Threat Level: Amber | Attack Report. The North Korea-backed Kimsuky group delivered TrollAgent malware through a fake security program on a Korean construction association's website, stealing data and enabling remote control between December 2023 and January 2024.
AI score 7.3 | Exploits 0

hivepro | added 2024/02/21 2:07 p.m. | 20 views
Iranian Threat Actor Adapts Tactics to Stay One Step Ahead
Threat Level: Red | Attack Report. Charming Kitten, an Iranian threat actor, has been linked to a series of attacks targeting the Middle East. The campaign deploys a new backdoor called BASICSTAR through a deceptive webinar portal.
AI score 7.1 | Exploits 0

hivepro | added 2024/02/14 12:28 p.m. | 20 views
The Zardoor Backdoor's Silent Takeover of Saudi Charities
Threat Level: Amber | Attack Report. An espionage operation distributing a backdoor called Zardoor was uncovered, with evidence suggesting it dates back to March 2021. In May 2023 the campaign specifically targeted non-profit organizations in Saudi Arabia.
AI score 7.1 | Exploits 0

hivepro | added 2024/02/12 12:00 p.m. | 20 views
Albabat Ransomware Infiltrates via Counter-Strike Cheat Utility
Threat Level: Red | Attack Report. Albabat ransomware debuted in November 2023 as a financially motivated threat written in Rust. It has targeted both corporate entities and individual consumers across diverse geographical regions.
AI score 7.2 | Exploits 0

hivepro | added 2024/02/02 6:02 a.m. | 20 views
UNC4990 Leverages Hosting Platforms in USB Infection Chain
UNC4990, a financially motivated threat actor, has been observed targeting organizations in Italy using weaponized USB drives as the initial infection vector. The group also uses trusted websites such as Vimeo, GitHub, and Ars Technica to host encoded payloads disguise...
AI score 7.1 | Exploits 0

hivepro | added 2023/12/26 12:13 p.m. | 20 views
Bandook, a 2007 Legacy Still Thriving in the Threat Landscape
Bandook is a long-lived remote access trojan (RAT) that surfaced in 2007. Written in Delphi and C++, it has evolved through various iterations over the years and has historical associations with Dark Caracal. It featured prominently in a campaign dubbed 'Operation Manul'...
AI score 7.3 | Exploits 0

hivepro | added 2023/12/06 5:22 a.m. | 20 views
Iranian APT Group 'CyberAv3ngers' Targets U.S. Critical Infrastructure
CyberAv3ngers, an Iranian APT group affiliated with the IRGC, is known for cyberattacks against critical infrastructure and recently targeted U.S. Water and Wastewater Systems facilities. The group defaces devices by exploiting default credentials in Unitronics PLCs, and expressin...
AI score 7.3 | Exploits 0

hivepro | added 2023/11/15 5:17 a.m. | 20 views
Multiple Critical Vulnerabilities in Juniper Exploited in the Wild
Vulnerability Report. Multiple vulnerabilities have been discovered in Juniper Networks Junos OS which, when chained, allow pre-authentication Remote Code Execution on Juniper devices. Juniper Networks has confirmed th...
AI score 8.3 | Exploits 0

hivepro | added 2023/10/19 6:50 a.m. | 20 views
Kimsuky Unveils New Addition to Its Malware Arsenal
Actor Report. Kimsuky, a cyber-espionage group, is known for gaining initial access through spear-phishing and for its versatility in using various types of malware and tools to facilitate remote control durin...
AI score 6.7 | Exploits 0

hivepro | added 2023/10/14 8:45 a.m. | 20 views
Unraveling the Intricate Arsenal of Stayin' Alive Campaign
Attack Report. In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a Chromium fi...
AI score 6.9 | Exploits 0

hivepro | added 2023/10/03 11:15 a.m. | 20 views
Attacks, Vulnerabilities and Actors 25 September to 1 October 2023
Weekly digest. Over the past week, HiveForce Labs identified a total of eight executed attacks, three instances of adversary activity, and four zero-day...
AI score 7 | Exploits 0

hivepro | added 2023/09/08 6:41 a.m. | 20 views
DuckTail Targets the Digital Marketers with Malicious Operations
Attack Report. DuckTail refers to an operation run by several threat actors based in Vietnam. These actors not only employ common techniques but also share a common objective: to gain unauthorized access t...
AI score 7 | Exploits 0

hivepro | added 2023/08/23 1:19 p.m. | 20 views
Data Center Vulnerabilities a Ticking Time Bomb for Cloud Services
Vulnerability Report. Several flaws in critical data center infrastructure management systems and power distribution units pose a significant risk to cloud-based services. CyberPower's PowerPanel Enterprise has four...
AI score 6.8 | Exploits 0

hivepro | added 2023/08/10 1:04 p.m. | 20 views
LOLKEK Ransomware Evolving New Tactics to Evade Detection
Attack Report. LOLKEK ransomware is still under active development and uses new tactics to evade detection, including obfuscation, legitimate tools, and network shares. It encrypts all drives, including network shares,...
AI score 6.8 | Exploits 0

hivepro | added 2023/08/09 4:18 a.m. | 20 views
TargetCompany Ransomware's FUD Obfuscation Maneuvers
Attack Report. The TargetCompany ransomware combines its proprietary variant with the BatCloak obfuscator engine, known for its fully undetectable (FUD) capabilities. Accompanying this fusion is the...
AI score 6.9 | Exploits 0

hivepro | added 2023/07/28 4:50 a.m. | 20 views
Unmasking Decoy Dog Malware Toolkit Hiding in DNS Traffic
Attack Report. Decoy Dog is a sophisticated malware toolkit that uses DNS for C2 communication, evading detection through wildcard-style DNS behaviour and encryption. Its origin remains unknown, and the malware's...
AI score 6.9 | Exploits 0

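The Decoy Dog entry above describes C2 carried over DNS against a zone that answers every query (wildcard behaviour), which is exactly the case where counting NXDOMAIN responses fails. The following is an added example, not Hive Pro's or the Decoy Dog authors' code, of the heuristic a defender can run over resolver logs instead: per registered domain, how many queries exist, how rarely a subdomain label repeats, how random those labels look, and what share use record types that conveniently carry data. The log format (five whitespace-separated fields) and every record in it are constructed; the registered-domain split is a last-two-labels simplification and production code should use the Public Suffix List.

```python
"""Heuristic detection of DNS-based C2 / tunnelling in resolver logs.

Added example (not from the advisory). Log format and records are constructed:
"<epoch> <client_ip> <qname> <qtype> <rcode>".
"""
import math
from collections import defaultdict

# Constructed sample: normal traffic to two domains, then a burst of one-off,
# high-entropy labels under a single zone, all answered (wildcard-style).
SAMPLE_LOG = """\
1690000001 10.0.0.5 www.example.com A NOERROR
1690000002 10.0.0.5 mail.example.com A NOERROR
1690000003 10.0.0.5 www.example.com A NOERROR
1690000010 10.0.0.7 static.cdn-example.net A NOERROR
1690000011 10.0.0.7 static.cdn-example.net A NOERROR
1690000012 10.0.0.7 static.cdn-example.net A NOERROR
1690000013 10.0.0.7 static.cdn-example.net A NOERROR
1690000014 10.0.0.7 static.cdn-example.net A NOERROR
1690000015 10.0.0.7 static.cdn-example.net A NOERROR
1690000020 10.0.0.9 0123456789ab.update-cdn.test TXT NOERROR
1690000021 10.0.0.9 fedcba987654.update-cdn.test TXT NOERROR
1690000022 10.0.0.9 13579bdf0246.update-cdn.test TXT NOERROR
1690000023 10.0.0.9 2468ace13579.update-cdn.test TXT NOERROR
1690000024 10.0.0.9 a1b2c3d4e5f6.update-cdn.test TXT NOERROR
1690000025 10.0.0.9 9f8e7d6c5b4a.update-cdn.test TXT NOERROR
1690000026 10.0.0.9 0f1e2d3c4b5a.update-cdn.test TXT NOERROR
1690000027 10.0.0.9 6a7b8c9d0e1f.update-cdn.test TXT NOERROR
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: 0 for a repeated char, ~4 for random hex, lower for words."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Last two labels. Simplification: real code should consult the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text: str):
    """Yield one record per well-formed line of the constructed 5-field format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, qtype, rcode = parts
        yield {"ts": int(ts), "client": client, "qname": qname.lower().rstrip("."),
               "qtype": qtype.upper(), "rcode": rcode.upper()}


def profile_domains(records):
    """Aggregate per registered domain: query count, distinct leftmost labels,
    summed label entropy, and queries for record types often used to carry data."""
    stats = defaultdict(lambda: {"queries": 0, "labels": set(), "entropy_sum": 0.0, "data_rr": 0})
    for rec in records:
        labels = rec["qname"].split(".")
        leftmost = labels[0] if len(labels) > 2 else ""   # bare apex: no subdomain label
        s = stats[registered_domain(rec["qname"])]
        s["queries"] += 1
        s["labels"].add(leftmost)
        s["entropy_sum"] += shannon_entropy(leftmost)
        if rec["qtype"] in ("TXT", "NULL", "CNAME"):
            s["data_rr"] += 1
    return stats


def flag_suspicious(log_text: str, min_queries: int = 5,
                    min_unique_ratio: float = 0.8, min_mean_entropy: float = 3.0) -> dict:
    """Return {domain: metrics} for zones whose subdomain labels almost never repeat
    and look random. Data encoded into query names produces exactly this pattern,
    and a wildcard record makes every such query succeed, so this check does not
    depend on NXDOMAIN counts at all."""
    findings = {}
    for dom, s in profile_domains(parse_log(log_text)).items():
        if s["queries"] < min_queries:
            continue
        unique_ratio = len(s["labels"]) / s["queries"]
        mean_entropy = s["entropy_sum"] / s["queries"]
        if unique_ratio >= min_unique_ratio and mean_entropy >= min_mean_entropy:
            findings[dom] = {
                "queries": s["queries"],
                "unique_ratio": round(unique_ratio, 3),
                "mean_label_entropy": round(mean_entropy, 3),
                "data_rr_fraction": round(s["data_rr"] / s["queries"], 3),
            }
    return findings


if __name__ == "__main__":
    for dom, metrics in flag_suspicious(SAMPLE_LOG).items():
        print(dom, metrics)
```

On the constructed sample only update-cdn.test is flagged: example.com has too few queries and the CDN host repeats a single label. Thresholds are starting points; tune min_queries per client and per time window, and whitelist known high-cardinality zones (CDNs, anti-spam lookups) before alerting.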
hivepro | added 2023/07/20 7:31 a.m. | 20 views
FIN8 Strikes with Noberus Ransomware via Altered Sardonic Backdoor
Attack Report. The financially motivated threat actor FIN8 has been observed using a revised variant of the Sardonic backdoor to deliver Noberus ransomware.
AI score 6.9 | Exploits 0

hivepro | added 2023/06/28 5:21 a.m. | 20 views
Millions of GitHub Repositories Susceptible to Repojacking
Attack Report. Millions of GitHub repositories may be vulnerable to repojacking, which could enable large-scale supply chain attacks.
AI score 6.9 | Exploits 0

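Repojacking, as the entry above uses the term, works because a renamed or deleted GitHub account leaves its old username free to re-register; anything that fetches github.com/<old-owner>/<repo> by name will then follow the attacker's copy. The added example below (not Hive Pro's code) shows the two checks a build pipeline can apply to its own manifests: whether each GitHub reference is pinned to a full commit hash, which a substituted repository cannot satisfy, and whether the owner has been renamed. The manifest text and the rename table are constructed; in practice the rename lookup is an HTTP request to https://github.com/<owner>/<repo> that checks for a redirect to a different owner, and the callback parameter lets you plug that in.

```python
"""Flag GitHub-hosted dependencies exposed to repojacking.

Added example; manifest and rename table are constructed.
"""
import re

# github.com/<owner>/<repo>[.git][@<ref>] followed by end, whitespace, '#', '?' or '/'
GITHUB_REF_RE = re.compile(
    r"github\.com/([\w.-]+)/([\w.-]+?)(?:\.git)?(?:@([\w./-]+))?(?=$|[\s#?/])",
    re.MULTILINE,
)
COMMIT_HASH_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")

# Constructed requirements file: one hash-pinned git dependency, two name-only ones.
REQUIREMENTS_TXT = """\
requests==2.31.0
git+https://github.com/goodorg/toolkit@3f2b9c1d4e5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c#egg=toolkit
git+https://github.com/oldname/helper@v1.2.0#egg=helper
git+https://github.com/oldname/helper.git#egg=helper
"""

# Constructed stand-in for following GitHub's redirect: old owner -> current owner.
CONSTRUCTED_RENAMES = {"oldname": "newname"}


def is_commit_pinned(ref) -> bool:
    """True only for a full SHA-1 or SHA-256 object id; tags and branches are mutable."""
    return bool(ref) and COMMIT_HASH_RE.match(ref.lower()) is not None


def scan_github_refs(manifest_text: str, resolve_owner) -> list:
    """resolve_owner(owner) -> current owner name if the account was renamed, else None.
    Returns one finding per GitHub reference, in manifest order."""
    findings = []
    for m in GITHUB_REF_RE.finditer(manifest_text):
        owner, repo, ref = m.group(1), m.group(2), m.group(3)
        renamed_to = resolve_owner(owner)
        pinned = is_commit_pinned(ref)
        if pinned:
            severity = "ok"      # content-addressed: a hijacked repo cannot serve this hash
        elif renamed_to:
            severity = "high"    # old namespace is free to claim and we fetch it by name
        else:
            severity = "medium"  # trusting a mutable name; becomes high the day the owner renames
        findings.append({"owner": owner, "repo": repo, "ref": ref, "pinned": pinned,
                         "renamed_to": renamed_to, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in scan_github_refs(REQUIREMENTS_TXT, CONSTRUCTED_RENAMES.get):
        print(f"{f['severity']:6} {f['owner']}/{f['repo']} ref={f['ref']} renamed_to={f['renamed_to']}")
```

The same regex pulls references out of Dockerfiles, GitHub Actions `uses:` lines and Go import paths; for Go, go.sum already pins content hashes, so the name check matters mostly for `replace` directives and for the first fetch of a new module.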
hivepro | added 2023/06/19 2:00 p.m. | 20 views
Mystic Stealer Malware Targeting Browsers, Wallets, and Messaging Platforms
Attack Report. Mystic Stealer is an information stealer notable for its low detection rate and code-manipulation techniques; it steals sensitive data from browsers, wallets and messaging platforms, posin...
AI score 6.9 | Exploits 0

hivepro | added 2023/06/09 6:32 a.m. | 20 views
Satacom Malware Campaign Unleashed Crypto-stealing Extension
Attack Report. A recently discovered malware campaign uses the Satacom downloader as a conduit to distribute covert malware designed to steal cryptocurrency using a deceitful...
AI score 6.9 | Exploits 0

hivepro | added 2023/05/24 1:25 p.m. | 20 views
Unveiling the Stealthy Operations of GoldenJackal APT Group
Actor Report. GoldenJackal is an APT group targeting government and diplomatic entities in the Middle East and South Asia. Its capabilities include a range of .NET malware tools for gaining control, stealing...
AI score 6.9 | Exploits 0

hivepro | added 2023/05/16 11:19 a.m. | 20 views
Lancefly APT Group Deploys Custom Backdoor 'Merdoor' in Targeted Attacks
Actor Report. The Lancefly APT group targets South and Southeast Asia using the Merdoor backdoor and an updated ZXShell rootkit. Its attack chain involves credential theft, lateral movement, file staging, and...
AI score 6.8 | Exploits 0

hivepro | added 2023/05/08 6:11 a.m. | 20 views
SideCopy Resurfaces to Target Indian Defense
Attack Report. SideCopy's recent campaign uses SILENTTRINITY and targets the Indian defense industry.
AI score 6.9 | Exploits 0

hivepro | added 2023/04/25 7:30 a.m. | 20 views
APT28's SNMP Attack on Cisco Routers
Attack Report. APT28 used SNMP access to compromise Cisco routers and gain network access, abusing weak SNMP community strings and exploiting a vulnerability to deploy the Jaguar Tooth malware.
AI score 6.9 | Exploits 0

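The APT28 entry above turns on weak SNMP community strings giving an attacker SNMP reach into Cisco routers. The added example below (not Hive Pro's code, and not tied to any particular Cisco advisory) audits a Cisco IOS-style configuration for the conditions that make that possible: default or guessable community strings, read-write communities, communities with no source access-list, and SNMPv1/v2c in use with no SNMPv3 authPriv group. Both configuration snippets are constructed, the weak one to trip every check and the hardened one to pass clean; the list of weak strings and the 12-character threshold are assumptions you should adjust to your own policy.

```python
"""Audit Cisco IOS-style SNMP configuration lines for weak exposure.

Added example; both configs and the weak-string list are constructed.
"""
import re

# Default or widely guessed community strings (constructed list, extend from your own scans).
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin", "snmp", "community", "default", "secret"}

# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(\S+)(?:\s+view\s+\S+)?(?:\s+(RO|RW))?(?:\s+(\S+))?\s*$",
    re.IGNORECASE,
)
# snmp-server group <name> v3 priv ...   (authPriv: authenticated and encrypted)
V3_PRIV_RE = re.compile(r"^\s*snmp-server\s+group\s+\S+\s+v3\s+priv\b", re.IGNORECASE | re.MULTILINE)

WEAK_CONFIG = """\
hostname edge-rtr-1
snmp-server community public RO
snmp-server community private RW
snmp-server community MyR0ut3r!Str1ng RO 10
"""

HARDENED_CONFIG = """\
hostname edge-rtr-1
no snmp-server community public
no snmp-server community private
access-list 10 permit 10.20.30.5
access-list 10 deny any log
snmp-server view RESTRICTED iso included
snmp-server group NETMON v3 priv read RESTRICTED access 10
snmp-server user monitor NETMON v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
"""


def audit_snmp_config(config: str) -> list:
    """Return findings as {"line": n, "community": str | None, "issue": str}.
    The per-community checks run on each 'snmp-server community' line; the
    v1/v2c-without-v3 check is config-wide and is reported with community None."""
    findings = []
    communities_seen = 0
    for n, line in enumerate(config.splitlines(), start=1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue  # 'no snmp-server community ...' and unrelated lines do not match
        community, access, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        communities_seen += 1
        if community.lower() in WEAK_COMMUNITIES:
            findings.append({"line": n, "community": community,
                             "issue": "default or commonly guessed community string"})
        elif len(community) < 12:
            findings.append({"line": n, "community": community,
                             "issue": "short community string (under 12 characters)"})
        if access == "RW":
            findings.append({"line": n, "community": community,
                             "issue": "read-write community permits configuration changes over SNMP"})
        if acl is None:
            findings.append({"line": n, "community": community,
                             "issue": "no access-list: any host reaching UDP/161 may use this string"})
    if communities_seen and not V3_PRIV_RE.search(config):
        findings.append({"line": None, "community": None,
                         "issue": "SNMPv1/v2c communities configured with no SNMPv3 authPriv group; "
                                  "community strings travel in cleartext"})
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {len(audit_snmp_config(cfg))} finding(s)")
        for f in audit_snmp_config(cfg):
            print(f"  line {f['line']}: {f['community']}: {f['issue']}")
```

Run it against `show running-config` output exported from each device. A community string that passes all three per-line checks is still a shared secret in cleartext on the wire, which is why the config-wide check pushes towards SNMPv3 authPriv with a read-only view and a source access-list.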
hivepro | added 2023/02/28 7:11 a.m. | 20 views
New Post-Exploitation Exfiltrator-22 Ransomware Framework Designed to Evade Detection
Attack Report. A new post-exploitation framework called EXFILTRATOR-22 (a.k.a. EX-22) appears to have been created by a group operating in North, East, or South-East Asia. The group is skilled in defense evasion and...
AI score 1.6 | Exploits 0

hivepro | added 2023/02/21 10:21 a.m. | 20 views
The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution
Attack Report. SoulSearcher is a second-stage loader seen in the wild since October 2017; it executes the Soul module payload and parses its configuration. The samples found in th...
AI score 1.8 | Exploits 0

hivepro | added 2023/02/20 1:13 p.m. | 20 views
Actors, Threats and Vulnerabilities 13 February to 19 February 2023
Weekly digest. HiveForce Labs identified seven active actors over the past week. Three were prominent Russian actors, namely TA505, Nodaria, and KillNet. Additionally, three Chinese...
AI score 0.9 | Exploits 0

hivepro | added 2023/01/31 7:59 a.m. | 20 views
Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023
Weekly digest. Hive Pro identified four actors active in the past week. The first two, APT40 and Tick, are well-known Chinese threat actors known for information theft and...
AI score 0.7 | Exploits 0

hivepro | added 2023/01/26 2:53 a.m. | 20 views
DragonSpark Attacks Targeting East Asian Countries Using SparkRAT Malware
Attack Report. A series of cyber-attacks against organizations in East Asia has been identified and named "DragonSpark". These attacks are notable for using a relatively unknown open-source tool called SparkRAT,...
AI score 2.8 | Exploits 0

hivepro | added 2023/01/15 6:23 p.m. | 20 views
Newly Discovered PoweRAT Malware Distributed through PyPI
Attack Report. A newly discovered malware called "PoweRAT" combines a stealer and a RAT (remote access tool). The malware is being distributed through the Python Package Index (PyPI), a repository of software for the Pytho...
AI score 2.9 | Exploits 0

hivepro | added 2023/01/15 6:10 p.m. | 20 views
GootKit Loader is targeting organizations in the Australian healthcare industry
Attack Report. Gootkit, also known as Gootloader, is malware used in advanced persistent threat (APT) campaigns. It has recently been observed targeting organizations in the Australian...
AI score 2.6 | Exploits 0