Tag: group
-
Lapsus$ Hunters Register 40+ Domains Impersonating Zendesk Environments
ReliaQuest’s Threat Research team has uncovered a significant new campaign from the notorious threat collective >>Scattered Lapsus$ Hunters,
-
Handala Hacker Group Targets Israeli High-Tech and Aerospace Professionals
A sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals. Security researchers monitoring dark web activity discovered the publication, which appears to rely primarily on data scraped from LinkedIn professional profiles. During ongoing dark…
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/state-backed-spyware-attacks-are-targeting-signal-and-whatsapp-users-cisa-warns
-
Criminal networks industrialize payment fraud operations
Fraud operations are expanding faster than payment defenses can adjust. Criminal groups function like coordinated businesses that develop tools, automate tasks, and scale … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/27/visa-payment-fraud-trends-report/
-
Akira’s SonicWall Hacks Are Taking Down Large Enterprises
Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn Experts. Multiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used unmonitored and unrotated credentials. First seen on…
-
Russian-Backed Threat Group Uses SocGholish to Target U.S. Company
The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/russian-backed-threat-group-uses-socgholish-to-target-u-s-company/
-
Russian-Backed Threat Group Uses SocGholish to Target U.S. Company
The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/russian-backed-threat-group-uses-socgholish-to-target-u-s-company/
-
Cyber-Attack Disrupts OnSolve CodeRED Emergency Notification System
A cyber-attack claimed to be the resposibility of INC Ransom group and targeting the OnSolve CodeRED platform has disrupted emergency notification and exposed user data across the US First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyberattack-disrupts-onsolve/
-
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
Tags: attack, breach, data, finance, group, korea, leak, msp, north-korea, ransomware, service, supply-chainSouth Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.”This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) First seen on…
-
Threat Actors Use Fake Update Lures to Deploy SocGholish Malware
In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the first documented instance of RomCom payloads being distributed through SocGholish’s infrastructure, signaling a dangerous convergence…
-
Threat Actors Use Fake Update Lures to Deploy SocGholish Malware
In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the first documented instance of RomCom payloads being distributed through SocGholish’s infrastructure, signaling a dangerous convergence…
-
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens
Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
-
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens
Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
-
Unifying Cloud Strategy to Unlock AI Potential
Talcott Financial Group’s Dalavi on Oracle to Azure Migration and AI Innovation. Talcott Financial Group’s move from a dual-cloud setup to a unified Azure environment is reshaping performance, efficiency and AI readiness, says Sudhakar Dalavi, head of software engineering. He explains how data unification and continuous learning drive the next phase of innovation. First seen…
-
Alliances between ransomware groups tied to recent surge in cybercrime
Tags: access, attack, awareness, backup, business, cloud, cybercrime, cybersecurity, data, encryption, exploit, extortion, group, healthcare, incident response, intelligence, law, leak, monitoring, ransom, ransomware, saas, service, software, tactics, theft, threat, vpn, vulnerability, zero-dayRansomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity while adding that tactical innovations, from refined extortion to double extortion and use of zero day, are also playing a part in increased malfeasance.The quarter also saw…
-
New ClickFix attacks use fake Windows Update screens to fool employees
Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
-
Spyware Abuse of Signal and WhatsApp Targeting US Officials
Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications. The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-abuse-signal-whatsapp-targeting-us-officials-a-30133
-
Spyware Abuse of Signal and WhatsApp Targeting US Officials
Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications. The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-abuse-signal-whatsapp-targeting-us-officials-a-30133
-
Russia-aligned hackers target US company in attack linked to Ukraine war effort
A threat group called RomCom has a history of cyberattacks against entities connected to the conflict. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russia-hackers-us-company-attack-ukraine-war/806423/
-
Telecom security reboot: Why zero trust is the only way forward
Tags: access, attack, authentication, breach, china, compliance, control, credentials, cybersecurity, data, defense, detection, endpoint, framework, governance, group, hacker, Hardware, infrastructure, ISO-27001, network, nis-2, nist, ransomware, regulation, risk, service, threat, tool, update, zero-trustIT and OT: Impact is linked: Most OT attacks start in IT environments these days. Once attackers get hold of admin credentials or find a weak interface, they can jump straight into the network gear or base-station controllers.Bridging this isn’t about shuffling org charts. It’s about seeing everything at once and building a single rulebook.…
-
Telecom security reboot: Why zero trust is the only way forward
Tags: access, attack, authentication, breach, china, compliance, control, credentials, cybersecurity, data, defense, detection, endpoint, framework, governance, group, hacker, Hardware, infrastructure, ISO-27001, network, nis-2, nist, ransomware, regulation, risk, service, threat, tool, update, zero-trustIT and OT: Impact is linked: Most OT attacks start in IT environments these days. Once attackers get hold of admin credentials or find a weak interface, they can jump straight into the network gear or base-station controllers.Bridging this isn’t about shuffling org charts. It’s about seeing everything at once and building a single rulebook.…
-
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Tags: access, apple, attack, crypto, cryptography, data, exploit, government, group, infrastructure, open-source, rust, vulnerabilityTrail of Bits has developed constant-time coding support for LLVM 21, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time…
-
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Tags: access, apple, attack, crypto, cryptography, data, exploit, government, group, infrastructure, open-source, rust, vulnerabilityTrail of Bits has developed constant-time coding support for LLVM 21, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time…
-
Russian and North Korean Hackers Forge Global Cyberattack Alliance
Tags: cyber, cyberattack, group, hacker, infrastructure, korea, lazarus, north-korea, russia, threat, warfareState-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber warfare unit, may be operating jointly a development with profound implications for global security. Russia…
-
Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor
An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant evolution in the threat actor’s tactics, techniques, and procedures, combining living-off-the-land binaries with custom malware to evade detection and establish persistent access…