Tag: group
-
Chinese Front Companies Offering Advanced Steganography Tools for APT Groups
The Chinese government’s cyber ecosystem continues to attract significant scrutiny from security researchers worldwide. Following revelations from Intrusion Truth, the i-Soon leaks, tracking of EagleMsgSpy, and exposure of Great Firewall components, a recent analysis has uncovered details about two technology companies allegedly linked to China’s Ministry of State Security (MSS). BIETA and its subsidiary CIII…
-
KimJongRAT Strikes Windows Users via Malicious HTA Files
Security researchers have confirmed that KimJongRAT, a sophisticated remote access Trojan attributed to the Kimsuky group and believed to be backed by North Korea, is being actively distributed via weaponized .hta files targeting Windows users. The discovery reveals a carefully orchestrated attack chain designed to harvest sensitive credentials and system information from compromised machines. The…
-
Hacktivist Group Handala Publishes List of Israeli Tech Workers
A hacktivist group is using scraped public data and false claims to intimidate Israeli tech workers and crowdsource further doxxing. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-handala-hackers-dox/
-
APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies
Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published by CYFIRMA. The threat actor, historically focused on Windows systems, has demonstrated expanded technical maturity through multi-platform tooling that bypasses conventional…
-
APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies
Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published by CYFIRMA. The threat actor, historically focused on Windows systems, has demonstrated expanded technical maturity through multi-platform tooling that bypasses conventional…
-
Tomiris Hacker Group Unveils New Tools and Techniques for Global Attacks
A new wave of cyberattacks has been discovered targeting government officials and diplomats across Russia and Central Asia. The group, which has been active for several years, is known for focusing on high-value political targets. This latest investigation shows they are now using more advanced methods to hide their tracks, including popular apps like Telegram…
-
Japanese beer giant Asahi says data breach hit 1.5 million people
Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/japanese-beer-giant-asahi-says-data-breach-hit-15-million-people/
-
Japanese beer giant Asahi says data breach hit 1.5 million people
Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/japanese-beer-giant-asahi-says-data-breach-hit-15-million-people/
-
Scattered Lapsus$ Hunters Tied to Targeting of Zendesk Users
Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group Campaign. Continuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users’ valid credentials, warn security researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/scattered-lapsus-hunters-tied-to-targeting-zendesk-users-a-30166
-
Cybersecurity Coalition to Government: Shutdown is Over, Get to Work
The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country’s cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/cybersecurity-coalition-to-government-shutdown-is-over-get-to-work/
-
Cybersecurity Coalition to Government: Shutdown is Over, Get to Work
The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country’s cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/cybersecurity-coalition-to-government-shutdown-is-over-get-to-work/
-
Ransomware Moves: Supply Chain Hits, Credential Harvesting
Innovation Continues, Although Sloppy Coding Can Still Leave Data Unrecoverable. Ransomware groups continue to display more innovation, persistence and planning in their quest to amass ransom-paying victims and maximize profits. This has included repeat supply-chain attacks, harvesting credentials to use in later campaigns, as well as launching their own affiliate programs. First seen on govinfosecurity.com…
-
Ransomware Moves: Supply Chain Hits, Credential Harvesting
Innovation Continues, Although Sloppy Coding Can Still Leave Data Unrecoverable. Ransomware groups continue to display more innovation, persistence and planning in their quest to amass ransom-paying victims and maximize profits. This has included repeat supply-chain attacks, harvesting credentials to use in later campaigns, as well as launching their own affiliate programs. First seen on govinfosecurity.com…
-
ShinyHunters Develop Sophisticated New Ransomware-as-a-Service Tool
In a significant escalation of the global cyber threat landscape, the notorious threat group ShinyHunters appears to be transitioning from data theft to full-scale ransomware operations. Cybersecurity researchers have identified an early build of a new Ransomware-as-a-Service (RaaS) platform dubbed >>ShinySp1d3r,
-
RomCom tries dropping a notromantic payload on Ukraine-linked US firms
Target profile focused on Ukraine support: The second major insight from the report concerns victim selection. The targeted firm was not a defense contractor or a government body but a civil engineering company in the US. Its only notable link was past work involving a Ukraine-affiliated city.According to Arctic Wolf, the incident fits RomCom’s broader…
-
RomCom tries dropping a notromantic payload on Ukraine-linked US firms
Target profile focused on Ukraine support: The second major insight from the report concerns victim selection. The targeted firm was not a defense contractor or a government body but a civil engineering company in the US. Its only notable link was past work involving a Ukraine-affiliated city.According to Arctic Wolf, the incident fits RomCom’s broader…
-
Scattered Lapsus$ Hunters target Zendesk users with fake domains
Tags: access, attack, breach, credentials, data, data-breach, email, government, group, infrastructure, law, service, supply-chainDiscord breach may be connected: The Zendesk campaign may not be an isolated incident. Discord said on October 9 that attackers breached its customer service provider, 5CA, exposing data from about 70,000 users who had submitted government IDs for age verification. The breach also exposed support ticket data for users who had contacted Discord’s customer…
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
Asahi says crooks stole data of approximately 2M customers and employees
Asahi says hackers stole data of approximately 2M customers and employees before a ransomware attack crippled its Japan operations. Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is…
-
What your firewall sees that your EDR doesn’t
The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers. Unlike many other APT groups, Librarian Ghouls does not rely…
-
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT.As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published…
-
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
Tags: groupScattered LAPSUS$ Hunters admin “Rey,” allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim. First seen on hackread.com Jump to article: hackread.com/report-names-teen-scattered-lapsus-hunters-group/
-
Lapsus$ Hunters Register 40+ Domains Impersonating Zendesk Environments
ReliaQuest’s Threat Research team has uncovered a significant new campaign from the notorious threat collective >>Scattered Lapsus$ Hunters,
-
Handala Hacker Group Targets Israeli High-Tech and Aerospace Professionals
A sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals. Security researchers monitoring dark web activity discovered the publication, which appears to rely primarily on data scraped from LinkedIn professional profiles. During ongoing dark…
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/state-backed-spyware-attacks-are-targeting-signal-and-whatsapp-users-cisa-warns
-
Criminal networks industrialize payment fraud operations
Fraud operations are expanding faster than payment defenses can adjust. Criminal groups function like coordinated businesses that develop tools, automate tasks, and scale … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/27/visa-payment-fraud-trends-report/
-
Akira’s SonicWall Hacks Are Taking Down Large Enterprises
Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn Experts. Multiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used unmonitored and unrotated credentials. First seen on…
-
Russian-Backed Threat Group Uses SocGholish to Target U.S. Company
The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/russian-backed-threat-group-uses-socgholish-to-target-u-s-company/