Tag: group
-
Stryker: Cyber Incident ‘Contained,’ Restoration Continues
March 11 Attack Claimed by Iranian Hacktivist Group Handala. Medtech maker Stryker on Monday told regulators that it has contained a March 11 cyber incident and is working around the clock to prioritize quickly restoring IT systems that directly support customers, ordering and shipping. Iranian hacktivist group Handala has claimed credit for the attack. First…
-
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/teampcp-deploys-iran-targeted-wiper-in-kubernetes-attacks/
-
Nike’s 1.4TB IP Theft: When Ransomware Targets Trade Secrets Instead of Files
Ransomware groups now steal trade secrets before encryption. Nike’s 1.4TB theft included shoe designs, patents, supplier lists”, IP worth billions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/nikes-1-4tb-ip-theft-when-ransomware-targets-trade-secrets-instead-of-files/
-
Lockheed Martin targeted in alleged breach by pro-Iran hacktivist
The group is demanding millions of dollars to not sell the information to U.S. adversaries. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/lockheed-martin-breach-pro-iran-hacktivist/815430/
-
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/
-
Pro-Iranian Nasir Security is targeting energy companies in the Gulf
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the…
-
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware…
-
Kritische Lücke zwischen Erkennung und Eindämmung von Cyberangriffen
98 % der deutschen Organisationen sind überzeugt, Angriffe erkennen zu können doch fast 40 % haben Schwierigkeiten, sie zu stoppen, während die Anzahl KI-gestützter Angriffe weiter zunimmt. Die Studie »The Containment Gap Exploring the Distance Between Detection and Resilience« hat CyberEdge Group im Auftrag von Illumio durchgeführt (Bildquelle: Illumio) Eine neue… First seen on ap-verlag.de…
-
CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens
A highly automated npm supply chain campaign, dubbed “CanisterWorm,” in which threat actors steal npm access tokens and weaponize legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emilgroup and @teale.io, pushing new SDK versions that silently deploy a persistent backdoor and then self-spread across every package the victim…
-
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Three
Dear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …
-
Security Affairs newsletter Round 568 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angels PolyShell flaw exposes Magento and Adobe Commerce…
-
Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples. First seen on hackread.com Jump to article: hackread.com/hacker-group-lapsus-astrazeneca-data-breach/
-
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/opsec-beast-gang-exposes-ransomware-server
-
US accuses Iran’s government of operating hacktivist group that hacked Stryker
The U.S. Justice Department said an Iranian security ministry operates the fake activist persona known as Handala, which claimed responsibility for the destructive hack targeting medical tech giant Stryker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/20/u-s-accuses-irans-government-of-operating-hacktivist-group-that-hacked-stryker/
-
U.S. accuses Iran’s government of operating hacktivist group that hacked Stryker
The U.S. Justice Department said an Iranian security ministry operates the fake activist persona known as Handala, which claimed responsibility for the destructive hack targeting medical tech giant Stryker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/20/u-s-accuses-irans-government-of-operating-hacktivist-group-that-hacked-stryker/
-
DOJ confirms seizure of domains linked to Iran-backed threat actor
A group connected to Iranian intelligence used the same infrastructure to claim credit for the hack of medical technology firm Stryker.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-seizure-domains-iran-threat-actor/815306/
-
LeakNet ransomware: what you need to know
A ransomware gang that claims to be a group of “investigative journalists”? Meet LeakNet – the group using fake CAPTCHA pages to trick employees into hacking themselves. First seen on fortra.com Jump to article: www.fortra.com/blog/leaknet-ransomware-what-you-need-know
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, toolCommercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human”‘rights defenders, government employees and contractors, and other high”‘value individuals. Why?…
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, toolCommercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human”‘rights defenders, government employees and contractors, and other high”‘value individuals. Why?…
-
FBI Seizes Two Websites Linked to Pro-Iranian Group Handala
The FBI has seized two websites, including the leak site, of Handala, a highly active pro-Iranian threat group responsible for the high-profile wiping attack on U.S.-based medical tech company Stryker in which it erased the data from about 80,000 corporate and personal devices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fbi-seizes-two-websites-linked-to-pro-iranian-group-handala/
-
Microsoft Intune MDM Gains Notoriety After Stryker Hack
Properly Configured Mobile Development Management Tools Can’t Wipe Personal Data. Mobile device management software is having a moment of notoriety after Iran-aligned hacking group Handala used Microsoft Intune to wipe the mobile devices of employees at medical device manufacture Stryker. Tens of thousands of personal devices were likely affected. First seen on govinfosecurity.com Jump to…
-
Microsoft Intune MDM Gains Notoriety After Stryker Hack
Properly Configured Mobile Development Management Tools Can’t Wipe Personal Data. Mobile device management software is having a moment of notoriety after Iran-aligned hacking group Handala used Microsoft Intune to wipe the mobile devices of employees at medical device manufacture Stryker. Tens of thousands of personal devices were likely affected. First seen on govinfosecurity.com Jump to…
-
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
Tags: attack, cisco, cve, defense, exploit, firewall, government, group, healthcare, infrastructure, malicious, malware, ransom, ransomware, service, software, tool, update, vulnerability, zero-dayCSO that the “week’s head start” he referred to was the gap between the date of the first exploit that Amazon’s later analysis had unearthed and Cisco’s discovery of the bug.Amazon gained insight into the attacker’s infrastructure by using the honeypot to mimic a vulnerable firewall system. This resulted in an attack on the honeypot,…
-
Bitrefill blames North Korean Lazarus group for cyberattack
Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitrefill-blames-north-korean-lazarus-group-for-cyberattack/
-
FBI seizes Handala data leak site after Stryker cyberattack
The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-handala-data-leak-site-after-stryker-cyberattack/
-
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
The FBI and the Justice Department took down two websites linked to the pro-Iranian hacktivist group Handala, which last week hacked medical tech giant Stryker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/