Intelligence

Pierluigi Paganini December 23, 2024
Lazarus APT targeted employees at an unnamed nuclear-related organization

North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky researchers observed the North Korea-linked Lazarus Group targeting at least two employees associated with the same nuclear-related organization over the course of one month. The experts believe the attacks are part the cyber espionage campaign Operation Dream Job (aka NukeSped), […]

Pierluigi Paganini December 18, 2024
Russia-linked APT29 group used red team tools in rogue RDP attacks

Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The […]

Pierluigi Paganini December 17, 2024
Russia FSB relies on Ukrainian minors for criminal activities disguised as “quest games”

Ukraine’s SBU uncovered an FSB espionage campaign recruiting minors for criminal activities disguised as “quest games.” The Security Service of Ukraine (SBU or SSU) uncovered a new espionage campaign linked to Russia’s intelligence agency Federal Security Service (FSB), which consists of involving minor Ukrainians in criminal activities under the guise of “quest games”. In Kharkiv, […]

Pierluigi Paganini December 16, 2024
Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist SlaviĆĄa Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi. Then […]

Pierluigi Paganini December 12, 2024
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from […]

Pierluigi Paganini December 12, 2024
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor

Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts observed threat actors using the Amadey bot malware between March and April 2024. Microsoft highlights […]

Pierluigi Paganini December 11, 2024
Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities

An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of Operation Digital Eye campaign. Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ Cyberspies aimed to establish footholds and compromise downstream entities […]

Pierluigi Paganini December 07, 2024
Russia’s FSB used spyware against a Russian programmer

Russia’s FSB used spyware against a Russian programmer after detaining him for allegedly donating to Ukraine earlier this year. The Federal Security Service (FSB) used spyware to monitor a Russian programmer, Kirill Parubets, after he was detained earlier this year for allegedly donating to Ukraine. Researchers from the First Department and the Citizen Lab discovered that the […]

Pierluigi Paganini December 07, 2024
Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Romania ‘s election systems suffered over 85,000 attacks, with leaked credentials posted on a Russian hacker forum before the presidential election. Romania ‘s Intelligence Service revealed that over 85,000 cyberattacks targeted the country’s election systems. Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days […]

Pierluigi Paganini December 05, 2024
Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked ATP group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the […]