Pierluigi Paganini
September 09, 2022
Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a […]
Pierluigi Paganini
September 08, 2022
North Korea-linked Lazarus APT group is targeting energy providers around the world, including organizations in the US, Canada, and Japan. Talos researchers tracked a campaign, orchestrated by North Korea-linked Lazarus APT group, aimed at energy providers around the world, including organizations in the US, Canada, and Japan. The campaign was observed between February and July 2022. The attacks […]
Pierluigi Paganini
September 06, 2022
Researchers discovered a previously undocumented software control panel, named TeslaGun, used by a cybercrime gang known as TA505. Researchers from cybersecurity firm PRODAFT have discovered a previously undocumented software control panel, tracked as TeslaGun, used by a cybercrime group known as TA505. Russian TA505 hacking group, aka Evil Corp, has been active since 2014 focusing on Retail and banking […]
Pierluigi Paganini
August 31, 2022
Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint’s Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […]
Pierluigi Paganini
August 26, 2022
An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library. The flaw can be exploited […]
Pierluigi Paganini
August 26, 2022
The North Korea-linked Kimsuky APT is behind a new campaign, tracked as GoldDragon, targeting political and diplomatic entities in South Korea in early 2022. Researchers from Kaspersky attribute a series of attacks, tracked as GoldDragon, against political and diplomatic entities located in South Korea in early 2022 to the North Korea-linked group Kimsuky. Kimsuky cyberespiona group […]
Pierluigi Paganini
August 25, 2022
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […]
Pierluigi Paganini
August 22, 2022
The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In October 2021, a report released by Amnesty International revealed that the Donot […]
Pierluigi Paganini
August 19, 2022
Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka APT29, CozyDuke, and Nobelium), has targeted Microsoft 365 accounts in espionage campaigns. The experts pointed out that APT29 devised new advanced tactics, techniques, and procedures to evade detection. […]
Pierluigi Paganini
August 17, 2022
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of […]
