Killnet Threat to Health and Public Sectors
Infinity Team, a collaboration between Killnet and Deanon Club, has established its own forum and marketplace called Infinity
2023 Crypto Crime Trends: Illicit Cryptocurrency Volumes Reach All-Time Highs Amid Surge in Sanctions Designations and Hacking
Every year, we publish our estimates of illicit cryptocurrency activity to demonstrate the power of blockchains’ transparency – these kinds of estimates aren’t possible in traditional finance – and to teach investigators and compliance professionals about the latest trends in cryptocurrency-related crime that they need to know about. What could those estimates look like in a year like 2022? Last year was one of the most tumultuous in cryptocurrency history, with several large firms imploding, including Celsius, Three Arrows Capital, FTX, and others — some amid allegations of fraud.
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
More than 200 U.S. institutions hit with ransomware in 2022: report
More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft. The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.
Cost of data breaches to surpass US$5mn per incident in 2023
Acronis’ end-of-year cyberthreats report found that the proportion of phishing attacks has risen by 1.3x, accounting for 76% of all cyber attacks
Nokia warns 5G security ‘breaches are the rule, not the exception’
A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
Under the hood of a Doppelgänger
This work is the result of a collaboration with EU DisinfoLab an independent non-profit organization focused on tackling sophisticated disinformation campaigns targeting the EU. EU DisinfoLab has during the past three months been investigating a large disinformation campaign targeting western audience with pro-Russian propaganda. While our partner has focused on the actual disinformation being spread, Qurium has looked into the technical infrastructure in use to better understand how the campaign has been setup and operated. The complete report from EU Disinfo Lab can be found here: Doppelganger. Below follows the results of Qurium’s digital forensics investigation and a list of more than 50 domains used in the disinformation campaign.
MAR-10400779-1.v1 – Zimbra 1
CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter the command in the input box and click "run" to execute. The command output will be displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output into a newly created directory.
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
Mandiant attributes the ransomware attack against the Albanian government network in July of 2022 to an Iranian threat actor.
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...
Largest European DDoS Attack on Record
The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.
Europe’s PegasusGate: Countering spyware abuse
As civil society and media organisations expose EU Member States' use of the Pegasus commercial spyware, one of the most high-profile spying scandals of recent years is coming to light in Europe.
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...
Il malware EnvyScout (APT29) è stato veicolato anche in Italia
Il malware EnvyScout (APT29) è stato veicolato anche in Italia
Cybersecurity experts question Microsoft's Ukraine report
Leading cybersecurity experts and foreign policy scholars raise serious questions and concerns about Microsoft's report on the Ukraine war.
Facing reality? Law enforcement and the challenge of deepfakes
‘Facing reality? Law enforcement and the challenge of deepfakes’ is the first report produced through the Observatory function of the Europol Innovation Lab. The Europol Innovation Lab’s Observatory function monitors technological developments that are relevant for law enforcement and reports on the risks, threats and opportunities of these emerging technologies. The report provides a detailed overview of the criminal use...
Defending Ukraine: Early Lessons from the Cyber War
This report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. The report also offers a series of lessons and conclusions resulting from the data gathered and analyzed. Notably, the report reveals new information about Russian efforts including an increase in network penetration and espionage activities amongst allied governments, non-profits and other organizations outside Ukraine. This report also unveils detail about sophisticated and widespread Russian foreign influence operations being used among other things, to undermine Western unity and bolster their war efforts. We are seeing these foreign influence operations enacted in force in a coordinated fashion along with the full range of cyber destructive and espionage campaigns. Finally, the report calls for a coordinated and comprehensive strategy to strengthen collective defenses – a task that will require the private sector, public sector, nonprofits and civil society to come together. The foreword of this new report, written by Microsoft President and Vice Chair Brad Smith, offers additional detail below.
Fronton: A Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior
May 2022 Investigative Report Release: Nisos analysts determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale. Read more. document
Kaspersky DDoS report, Q1 2022
Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia’s military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation’s Director of Special Investigations Michael Weiss, details the...
SysJoker analyzing the first (macOS) malware of 2022!
Earlier today (January 11th), Researchers at Intezer published an report titled, “New SysJoker Backdoor Targets Windows, Linux, and macOS.” In this report, they detailed a new cross-platform backdoor they named SysJoker. Though initially discovered on Linux, the Intezer researchers shortly thereafter also found both Windows and Mac versions: "SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions." -Intezer
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.
Mac Malware MacStealer Spreads as Fake P2E Apps
We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers.
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Open-Source Stealer Widely Abused by Threat Actors The threat of InfoStealers is widespread and has been frequently employed by various Threat Actors (TA)s to launch attacks and make financial gains. Until now, the primary use of stealers by TAs has been to sell logs or to gain initial entry into a corporate network.
West ill-prepared to deal with evolving cyber threats, report concludes
Hacking and disinformation operation has continued to expand its activity, despite separate interventions in several European countries [PDF](https://www.cardiff.ac.uk/__data/assets/pdf_file/0005/2699483/Ghostwriter-Report-Final.pdf)
OneNote Embedded file abuse
In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. I first observed this OneNote abuse in the media via Didier’s post. This was later also mentioned in Xavier’s ISC diary and on the podcast. Later, in the beginning of February, the hacker news covered this as well.
Activision's Data Breach Contains Employee Information, Call of Duty and More, Report
Insider Gaming has been able to obtain the entirety of the gaming giant Activision’s data breach initially reported by vx-underground and confirmed the data contains plans for Modern Warfare 2’s upcoming DLCs, Call of Duty 2023 (Codenamed Jupiter) and Call of Duty 2024 (Codenamed Cerberus), as well as sensitive employee information.
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
One year after the Russian invasion of Ukraine, we’re sharing insights into changes in the cyber threat landscape triggered by the war.