Tag: espionage
-
North Korean APT28 Expands Cyber Espionage Campaign
A recent report from 360 Threat Intelligence Center has detailed the persistent cyber espionage activities of APT-C-28 (ScarCruft), First seen on securityonline.info Jump to article: securityonline.info/north-korean-apt-c-28-expands-cyber-espionage-campaign/
-
Australian Critical Infrastructure Faces ‘Acute’ Foreign Threats
The continent faces relentless military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/australian-critical-infrastructure-acute-foreign-threats
-
Russian cyberespionage groups target Signal users with fake group invites
QR codes provide a means of phishing Signal users: These features now work by scanning QR codes that contain the cryptographic information needed to exchange keys between different devices in a group or to authorize a new device to an account. The QR codes are actually representations of special links that the Signal application knows…
-
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage
Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards. First seen on wired.com Jump to article: www.wired.com/story/russia-signal-qr-code-phishing-attack/
-
EagerBee Malware Targets Government Agencies ISPs with Stealthy Backdoor Attack
A sophisticated cyber espionage campaign leveraging the EagerBee malware has been targeting government agencies and Internet Service Providers (ISPs) across the Middle East. This advanced backdoor malware, attributed to the Chinese-linked threat group CoughingDown, demonstrates cutting-edge stealth capabilities and persistence mechanisms, posing a significant threat to critical infrastructure in the region. Advanced Capabilities of EagerBee…
-
Mustang Panda Leverages Microsoft Tools to Bypass Anti-Virus Solutions
Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mustang-panda-microsoft-bypass/
-
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be…
-
Chinese Hackers Emperor Dragonfly Use Espionage Tools for Ransomware
Cybersecurity experts at Symantec report that the Chinese threat actor Emperor Dragonfly has employed tools previously associated with First seen on securityonline.info Jump to article: securityonline.info/chinese-hackers-emperor-dragonfly-use-espionage-tools-for-ransomware/
-
CVE-2023-20198 CVE-2023-20273: RedMike Attacks 1,000+ Cisco Devices in Global Espionage Campaign
Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt First seen on securityonline.info Jump to article: securityonline.info/cve-2023-20198-cve-2023-20273-redmike-attacks-1000-cisco-devices-in-global-espionage-campaign/
-
Stealth Attack: EarthKapre Leverages Cloud and DLL Sideloading for Data Exfiltration
Researchers at eSentire Threat Response Unit (TRU) uncovered a sophisticated cyber espionage campaign by RedCurl/EarthKapre, a threat group First seen on securityonline.info Jump to article: securityonline.info/stealth-attack-earthkapre-leverages-cloud-and-dll-sideloading-for-data-exfiltration/
-
New FinalDraft Malware Spotted in Espionage Campaign
A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API. The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-finaldraft-malware-spotted-in-espionage-campaign/
-
Ransomware gangs extort victims 17 hours after intrusion on average
Tags: access, business, credentials, data, encryption, espionage, exploit, extortion, government, group, healthcare, Intruder, malicious, malware, metric, monitoring, network, ransom, ransomware, service, tactics, technology, theft, threat, tool, vulnerability, zero-dayThe initial point of access for the attackers and the privileges it provided themHow easy it is to reach other network segments and systems from the initially compromised assetWhether access into the environment was resold to a ransomware operator by an initial access brokerWhether the attackers decided to operate only outside the victim’s regular business…
-
North Korea’s IT Worker Scam: How the Regime Infiltrates Global Tech Firms for Cyber Espionage
Cybersecurity researchers at Insikt Group have uncovered a sophisticated North Korean IT worker scam designed to infiltrate global First seen on securityonline.info Jump to article: securityonline.info/north-koreas-it-worker-scam-how-the-regime-infiltrates-global-tech-firms-for-cyber-espionage/
-
CVE-2024-1709 and CVE-2023-48788: Exploits Fueling Russia’s BadPilot Campaign
Microsoft Threat Intelligence has exposed a multiyear cyber espionage campaign conducted by a subgroup of the Russian state-sponsored First seen on securityonline.info Jump to article: securityonline.info/cve-2024-1709-and-cve-2023-48788-exploits-fueling-russias-badpilot-campaign/
-
Chinese Cyber-Spies Use Espionage Tools for Ransomware Side Hustle
A Chinese threat actor who targeted an Asian software company used the same toolset for the ransomware attack that was found in multiple cyberespionage incidents, leaving Symantec analysts to believe the hacker was a Chinese spy who used the malicious tools to earn some money on the side. First seen on securityboulevard.com Jump to article:…
-
Salt Typhoon Exploits Cisco Devices in Telco Infrastructure
The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/salt-typhoon-exploits-cisco-devices-telco-infrastructure
-
Ukraine warns of growing AI use in Russian cyber-espionage operations
Russia is using artificial intelligence to boost its cyber-espionage operations, Ihor Malchenyuk of Ukraine’s State Service of Special Communications and Information Protection (SSCIP), said at the Munich Cyber Security Conference. First seen on therecord.media Jump to article: therecord.media/russia-ukraine-cyber-espionage-artificial-intelligence
-
REF7707 Hackers Target Windows Linux Systems with FINALDRAFT Malware
Elastic Security Labs has uncovered a sophisticated cyber-espionage campaign, tracked as REF7707, targeting entities across South America and Southeast Asia. Central to this operation is the deployment of a novel malware family named FINALDRAFT, which has been engineered to exploit both Windows and Linux systems. The campaign highlights the increasing use of legitimate cloud services,…
-
China-Linked Espionage Tools Used in Recent Ransomware Attack
Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-espionage-tools-ransomware/
-
APT Groups Using Ransomware ‘Smokescreen’ for Espionage
Russian, Iranian and Chinese APTs Among Most Active Ransomware Collaborators. Security researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities. First seen on govinfosecurity.com Jump to article:…
-
Chinese APT ‘Emperor Dragonfly’ Moonlights With Ransomware
Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-emperor-dragonfly-ransomware-attack
-
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. That was especially notable during active periods of local conflicts, including the escalation of the Russia-Ukraine war and the Israel-Hamas confrontation. The trend of malicious targeting…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerabilityThe attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
Unpatched Cisco Devices Still Getting Popped by Salt Typhoon
Telecoms Still Falling to Chinese Nation-State Hacking Group, Researchers Warn. A Chinese cyber espionage group tracked as Salt Typhoon and tied to the mass hacking of telecommunications networks in the U.S. and dozens of other countries has been continuing to seek and hack unpatched equipment, including exploiting two long-patched vulnerabilities in Cisco gear. First seen…
-
Japan Goes on Offense With New ‘Active Cyber Defense’ Bill
Japan is on a mission to catch up to the US standard of national cyber preparedness, and its new legislation is a measure intended to stop escalating Chinese cyber-espionage efforts, experts say. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/japan-offense-new-cyber-defense-bill
-
Chinese espionage tools deployed in RA World ransomware attack
A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-espionage-tools-deployed-in-ra-world-ransomware-attack/
-
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
Tags: access, attack, blizzard, computer, control, cyber, cyberattack, cybersecurity, data, espionage, exploit, fortinet, group, hacker, hacking, infrastructure, intelligence, international, microsoft, military, network, ransomware, russia, software, strategy, supply-chain, threat, tool, ukraine, update, vulnerability, zero-trustWeaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned.”Seashell Blizzard’s specialized operations have ranged from espionage to information operations…
-
Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job
A toolset associated with China-linked espionage intrusions was employed in a ransomware attack, likely by a single individual. The post Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-cyberspy-possibly-launching-ransomware-attacks-as-side-job/
-
RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity.”During the attack in late 2024, the attacker…
-
Palo Alto Firewall Flaw Exploited in RA World Ransomware Attacks
Tags: attack, china, cyber, cybersecurity, espionage, exploit, firewall, flaw, network, ransomware, service, software, tool, vulnerabilityA recent ransomware attack leveraging a vulnerability in Palo Alto Networks’ PAN-OS firewall software (CVE-2024-0012) has raised significant concerns within the cybersecurity community. The attack, which targeted a medium-sized software and services company in South Asia in late 2024, is particularly alarming because it employed tools historically associated with China-based espionage groups. This marks a…