Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade … [Read more...] about New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Group
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical … [Read more...] about Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing … [Read more...] about Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks
Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), builds upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian … [Read more...] about Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks
KNOTWEED Activity Group Assessment | Elastic Blog
Key TakeawaysKNOTWEED is an activity group sponsored by the PSOA entity DSIRFKNOTWEED uses 0-day exploits to load custom malware and frameworks onto victim systemsElastic Endpoint Security prevents the execution chain of the VBA from infecting the host with spyware associated with KNOTWEEDSummaryOn July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a … [Read more...] about KNOTWEED Activity Group Assessment | Elastic Blog
New ToddyCat Hacker Group on Experts’ Radar After Targeting MS Exchange Servers
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper … [Read more...] about New ToddyCat Hacker Group on Experts’ Radar After Targeting MS Exchange Servers
Network Footprints of Gamaredon Group
Below research is reflecting our observations during month of March 2022. We also would like to thank Maria Jose Erquiaga for her contribution in introduction and support during the process of writing. Overview As the Russian-Ukrainian war continues over conventional warfare, cybersecurity professionals witnessed their domain turning into a real frontier. Threat actors picking … [Read more...] about Network Footprints of Gamaredon Group
Researchers Share In-Depth Analysis of PYSA Ransomware Group
An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the … [Read more...] about Researchers Share In-Depth Analysis of PYSA Ransomware Group
Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets … [Read more...] about Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector
British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group
The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. "Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by … [Read more...] about British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group