May 16, 2023Ravie LakshmananEndpoint Security / Cyber Threat A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. The findings come from SentinelOne, which observed an uptick in the number of Geacon payloads appearing on VirusTotal in recent months. "While some of these are likely … [Read more...] about Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
Hackers
U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
Apr 19, 2023Ravie LakshmananNetwork Security / Cyber Espionage U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of … [Read more...] about U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
Apr 18, 2023Ravie LakshmananCyber Threat / Malware The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's … [Read more...] about Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
Apr 14, 2023Ravie LakshmananUnited States The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity … [Read more...] about Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
Apr 13, 2023Ravie LakshmananMalware / Cyber Attack The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the … [Read more...] about Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Apr 08, 2023Ravie LakshmananCyber War / Cyber Threat The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud … [Read more...] about Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Mar 25, 2023Ravie LakshmananEnterprise Security / Microsoft Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) … [Read more...] about Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
Mar 18, 2023Ravie LakshmananNetwork Security / Cyber Espionage The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors … [Read more...] about Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
North Korean UNC2970 Hackers Expands Operations with New Malware Families
Mar 10, 2023Ravie LakshmananCyber Attack / Malware A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a … [Read more...] about North Korean UNC2970 Hackers Expands Operations with New Malware Families
Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme
Feb 27, 2023Ravie Lakshmanan The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It's estimated … [Read more...] about Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme