Cyber warfare

Pierluigi Paganini February 10, 2023
DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

North Korea-linked APT groups conduct ransomware attacks against healthcare and critical infrastructure facilities to fund its activities. Ransomware attacks on critical infrastructure conducted by North Korea-linked hacker groups are used by the government of Pyongyang to fund its malicious cyber operations, U.S. and South Korean agencies warn. US CISA published a Cybersecurity Advisory (CSA) to […]

Pierluigi Paganini February 09, 2023
Experts published a list of proxy IPs used by the pro-Russia group Killnet

SecurityScorecard’s researchers released a list of proxy IPs used by the pro-Russia group Killnet to neutralize its attacks. SecurityScorecard’s researchers published a list of proxy IPs used by the pro-Russia group Killnet with the intent to interfere with its operation and block its attacks. “To help organizations better protect themselves, SecurityScorecard has published a list of […]

Pierluigi Paganini February 08, 2023
New Graphiron info-stealer used in attacks against Ukraine

A Russia-linked threat actor has been observed deploying a new information stealer dubbed Graphiron in attacks against Ukraine. Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. The Nodaria APT group has been active since at least March 2021, it […]

Pierluigi Paganini February 08, 2023
Ukraine CERT-UA warns of phishing attacks employing Remcos software

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a new wave of attacks against state authorities to deploy the Remcos software. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a phishing campaign aimed at state authorities that involves the use of the legitimate remote access software Remcos. The phishing emails, […]

Pierluigi Paganini February 03, 2023
Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Russia-linked threat actor Gamaredon employed new spyware in cyber attacks aimed at public authorities and critical information infrastructure in Ukraine. The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). The attacks aimed at public authorities and critical information […]

Pierluigi Paganini February 01, 2023
Pro-Russia Killnet group hit Dutch and European hospitals

The Dutch National Cyber Security Centre (NCSC) confirmed that Pro-Russia group Killnet hit websites of national and European hospitals. The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospital in the Netherlands and Europe were hit by DDoS attacks carried out by pro-Russia hacking group Killnet. The group of hackers launched […]

Pierluigi Paganini January 31, 2023
Pro-Palestine hackers threaten Israeli chemical companies

Threat actors are targeting Israeli chemical companies operating in the occupied territories, security experts warn. Threat actors have launched a massive hacking campaign aimed at Israeli chemical companies operating in the occupied territories. A group, named Electronic Quds Force, is threatening companies’ engineers and workers and are inviting them to resign from their positions. The […]

Pierluigi Paganini January 31, 2023
Pro-Russia group Killnet targets US healthcare with DDoS attacks

The Pro-Russia group Killnet is launching a series of DDoS attacks against the websites of US healthcare organizations and hospitals. The Pro-Russia group Killnet launched a series of DDoS attacks against US healthcare organizations and hospitals. The group announced the attacks on its Telegram channel, calling for action against the US government healthcare. The list of targets […]

Pierluigi Paganini January 30, 2023
Sandworm APT group hit Ukrainian news agency with five data wipers

The Ukrainian (CERT-UA) discovered five different wipers deployed on the network of the country’s national news agency, Ukrinform. On January 17, 2023, the Telegram channel “CyberArmyofRussia_Reborn” reported the compromise of the systems at the Ukrainian National Information Agency “Ukrinform”. The Ukrainian Computer Emergency Response Team (CERT-UA) immediately investigated the claims and as of January 27, […]

Pierluigi Paganini January 20, 2023
Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a […]