Intelligence Archives - Page 15 of 170

Pierluigi Paganini August 13, 2024

CERT-UA warns of a phishing campaign targeting government entities

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. The campaign, tracked as UAC-0198, has been active since July. Threat actors sent out […]

Pierluigi Paganini August 13, 2024

US DoJ dismantled remote IT worker fraud schemes run by North Korea

The U.S. DoJ arrested a Tennessee man for running a “laptop farm” that enabled North Korea-linked IT workers to obtain remote jobs with American companies. The U.S. Justice Department arrested Matthew Isaac Knoot (38) from Nashville (Tennessee) for operating a “laptop farm” that facilitated North Korea-linked IT workers in obtaining remote jobs with American companies. […]

Pierluigi Paganini August 12, 2024

EastWind campaign targets Russian organizations with sophisticated backdoors

A campaign tracked as EastWind is targeting Russian government and IT organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. Kaspersky named this campaign has EastWind. Threat actors sent phishing emails with RAR archive attachments containing a Windows shortcut […]

Pierluigi Paganini August 11, 2024

Foreign nation-state actors hacked Donald Trump’s campaign

Donald Trump’s campaign reported that its emails were hacked by “foreign sources hostile to the United States.” Donald Trump’s presidential campaign announced it was hacked, a spokesman attributes the attack to foreign sources hostile to the United States. The presidential campaign believes that Iran-linked threat actors may be involved in the cyber operation that is […]

Pierluigi Paganini August 09, 2024

Russian cyber spies stole data and emails from UK government systems

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media. Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. The news was first reported by Recorded Future News, which obtained an official description of the incident […]

Pierluigi Paganini August 05, 2024

China-linked APT41 breached Taiwanese research institute

China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group. The campaign started as early as July 2023 and threat actors delivered the ShadowPad malware, Cobalt […]

Pierluigi Paganini August 04, 2024

Chinese StormBamboo APT compromised ISP to deliver malware

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda, Daggerfly, and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The threat actors targeted […]

Pierluigi Paganini August 03, 2024

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fighting Ursa (also identified as APT28, Fancy Bear, or Sofacy) used a fake car advertisement to distribute HeadLace backdoor malware, targeting diplomats. The campaign began […]

Pierluigi Paganini July 30, 2024

SideWinder phishing campaign targets maritime facilities in multiple countries

The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 […]

Pierluigi Paganini July 29, 2024

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government’s Computer Emergency Response Team (CERT-UA) reported a surge in activity associated with the APT group UAC-0057 (aka GhostWriter) group between July 12 and 18, 2024. Threat actors distributed documents containing macros designed […]

Intelligence

CERT-UA warns of a phishing campaign targeting government entities

US DoJ dismantled remote IT worker fraud schemes run by North Korea

EastWind campaign targets Russian organizations with sophisticated backdoors

Foreign nation-state actors hacked Donald Trump’s campaign

Russian cyber spies stole data and emails from UK government systems

China-linked APT41 breached Taiwanese research institute

Chinese StormBamboo APT compromised ISP to deliver malware

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

SideWinder phishing campaign targets maritime facilities in multiple countries

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google fined $314M for misusing idle Android users' data

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

QUICK LINKS

Intelligence

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!