Tag: group
-
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said. The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said. “This installation path blends…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, update
Severity is driven by customer impact, not by who is paged. We maintain one current hypothesis, even if it is wrong. We keep one shared timeline that captures decisions, not just symptoms. We communicate on a predictable cadence, even when answers are incomplete. Every action has a named owner and an explicit “time we expect to learn”. The biggest behavior…
-
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
Tags: access, attack, authentication, best-practice, ceo, computer, credentials, cyber, cyberattack, data, flaw, group, hacker, identity, infrastructure, intelligence, iran, jobs, mobile, phone, service, software, supply-chain, theft, threat, update
Handala claims credit: The Handala threat group quickly claimed responsibility for the attack. While the group’s involvement is just a claim for now, Stryker employees reportedly saw a version of the Handala logo (a cartoon of a Palestinian boy with his back turned and hands crossed behind him) on affected devices. Handala’s identity is hard to…
-
Inside the Tehran-Linked ‘Faketivist’ Hacking Group Handala
Healthcare Hit Shows Symbols Matter as Iran Shifts Focus to Economic Damage. Cybersecurity experts say that the Handala hacktivist group that claimed credit for attacks against two American firms on Wednesday is run by the Iranian government. The shift to destructive cyberattacks parallels Iran’s attempt to inflict greater economic damage on the United States and…
-
“Handala Hack” Unveiling Group’s Modus Operandi
Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with “hack and leak” operations. The threat actor operates several online personas, with the most prominent among them being Homeland Justice, maintained from mid-2022 specifically for multiple attacks…
-
Payment Giant Verifone Disputes Iranian Hacking Group Hit
Tehran-Linked Handala Hackers Disrupt Medtech Giant Stryker, Claim Verifone Breach. As the United States and Israel continue their war with Iran, Tehran-linked hacking group Handala has entered the fray, claiming credit for wiping systems at medical technology firm Stryker, which confirmed the attack, as well as breaching payment device maker Verifone, which denied being breached.…
-
How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks
Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran’s use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks. First seen on wired.com Jump to article: www.wired.com/story/handala-hacker-group-iran-us-israel-war/
-
Coalition of information-sharing groups warns of cyber, physical attacks
A joint advisory says Iran-linked groups are targeting U.S. critical infrastructure using DDoS, phishing and other retaliatory techniques. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/information-sharing-groups-warns-cyber-physical-attacks/814539/
-
Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules
Cyber officials lamented Wednesday that it's a challenge to make the wider population appreciate the gravity of the threat the hacking group presents. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-china-telecom-hack-impact-new-jersey/
-
US medical technology company falls victim to cyberwarfare
Handala, a pro-Palestinian hacktivist group, has announced via social channels that it hacked the US medical technology company Stryker. The company itself has confirmed the attack to media outlets such as Reuters. Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research, explains: ‘If the claims are accurate, Handala's attack on Stryker represents a significant escalation: it is the […]…
-
€1 million online fraud scheme uncovered, three suspects arrested
A criminal group suspected of running an online fraud scheme in Germany, which defrauded victims of around €1 million, has been dismantled through judicial cooperation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/12/eurojust-online-fraud-scheme-phishing-germany/
-
ESET Expands Threat Intelligence Offering For MSSPs With New eCrime Reports
ESET announced a major addition to its threat intelligence portfolio Thursday with the debut of enhanced reports covering cybercriminal groups and affiliates, in a move to better empower MSSPs and their end customers to defend against financially motivated attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2026/eset-expands-threat-intelligence-offering-for-mssps-with-new-ecrime-reports
-
WhatsApp is giving parents peace of mind over their kids’ privacy
WhatsApp has introduced parent-managed accounts designed for pre-teens, giving parents and guardians new controls over contacts, group participation, and how the app is used. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/12/whatsapp-parent-managed-accounts-contacts-controls/
-
Iran-linked group says it hacked US company in retaliation for Minab school bombing
Hacker group Handala claimed responsibility for attack that caused ‘global disruption’ to Stryker Corporation’s systems. An Iran-linked group said it hacked a US medical company, causing “global disruption” to its systems, in retaliation for the bombing of the Minab school in Iran, in an attack seen as widening the Middle East into the cyber realm. Handala, a…
-
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker
An Iran-linked hacking group has claimed responsibility for a cyberattack on U.S. medical device giant Stryker, marking a potential escalation of cyber activity tied to the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/12/iran-linked-hacking-group-stryker-cyberattack/
-
Iran Claim Massive Cyber-Attack on MedTech Firm Stryker
The pro-Iran Handala group claims to have wiped 200,000 systems in a destructive wiper malware attack on US firm Stryker. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-massive-wiper-attack-medtech/
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations. “Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at…
-
Medical device giant Stryker confirms cyberattack as employees say devices were wiped
The medical device manufacturer Stryker confirmed reports Wednesday that a cyberattack has disrupted operations after a hacker group claimed to have targeted the company in retaliation for U.S. and Israeli strikes on Iran. First seen on therecord.media Jump to article: therecord.media/stryker-cyberattack-iran-hackers
-
Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker
The hacktivist group claimed the attack was in retaliation for a U.S. strike on a Tehran school that killed more than 175 people, most of them children. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/11/stryker-hack-pro-iran-hacktivist-group-handala-says-it-is-behind-attack/
-
Medtech Firm Stryker Disrupted by Pro-Iran Hackers
Iran Expands Targeting, Including AWS, Google and Microsoft Infrastructure. Michigan-based medical technology giant Stryker appears to have been hacked by a pro-Iranian group called Handala, leading to global operations being disrupted, IT devices remotely wiped and terabytes of data being stolen. Experts said Handala appears to be a faketivist group run by Tehran. First seen…
-
ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites
Salesforce customers have, once again, been targeted by the ShinyHunters group or, at least, it’s what the group claims. Attackers modified and abused benign … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/11/shinyhunters-salesforce-aura-data-breach/

