24 Oct 2022

US Healthcare Organizations Warned of ‘Daixin Team’ Ransomware Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert. The alert pertains to a new cybercrime group called Daixin Team that targets organizations in the healthcare sector. The threat actor has

06 Oct 2022

CISA Advisory Details How Hackers Targeted Defense Industrial Base Organization

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting a threat targeting a Defense Industrial Base sector organization’s enterprise network. The advanced persistent threat group is leveraging the open-source toolkit Impacket to gain initial access into target systems. After Impacket is successfully deployed, it launches the

26 Sep 2022

Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns

Cyber mercenary group Void Balaur has continued to expand its offerings, including hack-for-hire campaigns. The group has allegedly suffered from disruptions to its online advertising personas but is powering through the setbacks. SentinelLabs recently published an advisory that was unveiled at LABScon last Thursday. The report was written by senior

08 Sep 2022

New Iranian hacking group APT42 deploys custom Android spyware

Cybersecurity firm Mandiant has released information regarding what is believed to be a new Iranian state-sponsored hacking group referred to as APT42. The group is allegedly using custom Android malware to spy on targets that fit its interests. Mandiant has reportedly collected enough evidence to prove that the group

18 Aug 2022

Threat Group Ramps-Up Attacks on Travel Sector in 2022

Researchers have identified new details regarding a prolific threat group that has deployed 15 malware families over the past four years. The group, TA558, is financially motivated and mainly targets organizations in Latin and North America. The group switches between English, Spanish, and Portuguese when it conducts its attacks, according

22 Jun 2022

New Toddycat APT Targets MS Exchange Servers in Europe and Asia

Researchers at Kaspersky have identified a new advanced persistent threat dubbed ToddyCat that is actively targeting Microsoft Exchange servers in Europe and Asia. The threat actor is leveraging two tools that were formerly unknown to the security researchers who discovered the threat actor, referred to as Samurai backdoor and Ninja

09 Jun 2022

Black Basta Ransomware Teams Up with Malware Stalwart Qbot

Cybercriminal group Black Basta has reportedly teamed up with the evolving information-stealing trojan known as Qbot. The cyber threat group utilized the trojan to move laterally on a network in a recent attack, according to researchers. Qbot has been around for 14 years but has undergone many significant developments

28 Mar 2022

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man named Maksim Berezan was sentenced to more than five years in US prison for his participation in at least 13 serious ransomware attacks that resulted in approximately $53 million in losses. US prosecutors stated that Berezan enjoyed a lengthy career of being able to access hacked bank

28 Feb 2022

Ukraine security agencies warn of Ghostwriter threat activity, phishing campaigns

Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organizations. According to the team, Ghostwriter is primarily focusing on targets in Belarus, Russia, Poland, and Ukraine and is believed to be of Belarusian origin. According to CERT-UA, Ghostwriter’s members are officers of the

02 Dec 2021

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

On Monday, Kaspersky released a report detailing its latest findings pertaining to a threat actor tracked as WIRTE. Kaspersky stated that the group has been attacking Middle Eastern governments since at least 2019, leveraging malicious Excel 4.0 macros and other tactics. Kaspersky found that the group planted Microsoft Excel droppers
