Chinese Tonto Team Hackers’ Second Attempt to Target Cybersecurity Firm Group-IB Fails
Feb 13, 2023 | Ravie Lakshmanan | Cyber Threat Intelligence
The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed …

Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts
Feb 01, 2023 | Ravie Lakshmanan | Enterprise Security / Authentication
Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were …

Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
Jan 20, 2023 | Ravie Lakshmanan | Firewall / Network Security
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred …

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
Jan 08, 2023 | Ravie Lakshmanan | Cyberespionage / Threat Analysis
The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said …

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
Jan 06, 2023 | Ravie Lakshmanan | Cryptocurrency / GitHub
A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to …

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
Jan 05, 2023 | Ravie Lakshmanan | Cyber Attack / Malware
A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the …

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Dec 28, 2022 | Ravie Lakshmanan | Malware / Windows Security
Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now, according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are …

Hackers Breach Okta’s GitHub Repositories, Steal Source Code
Dec 22, 2022 | Ravie Lakshmanan | Software Security / Data Breach
Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers," the company said in a public …

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Dec 21, 2022 | Ravie Lakshmanan | Email Security / Data Security
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite …

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics
Dec 09, 2022 | Ravie Lakshmanan | Threat Intelligence / Cyber Attack
The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United …