Intelligence

Pierluigi Paganini March 31, 2022
Google TAG details cyber activity with regard to the invasion of Ukraine

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine The researchers uncovered a phishing campaign conducted by a […]

Pierluigi Paganini March 28, 2022
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon 

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” This second archive […]

Pierluigi Paganini March 18, 2022
China-linked threat actors are targeting the government of Ukraine

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. Google’s Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People’s Liberation Army (PLA) and other China-linked APT groups and that targeted Ukraine ‘s government to gather info on the ongoing conflict. Below is the tweet […]

Pierluigi Paganini March 16, 2022
Russia’s disinformation uses deepfake video of Zelenskyy telling people to lay down arms

Russian disinformation continues, this time it used a deepfake video of Zelenskyy inviting Ukrainians to ‘lay down arms.’ A deepfake video of the Ukrainian president Volodymyr Zelenskyy telling its citizens to lay down arms is the last example of disinformation conducted by Russia-linked threat actors. The fake video shows President Zelenskyy saying ‘It turned out […]

Pierluigi Paganini March 15, 2022
The German BSI agency recommends replacing Kaspersky antivirus software

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According […]

Pierluigi Paganini March 09, 2022
Google blocked China-linked APT31’s attacks targeting U.S. Government

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. Google announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S. government. The campaign took […]

Pierluigi Paganini March 08, 2022
Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google Threat Analysis Group (TAG), which focuses on the analysis of nation-state threat actors, revealed to have blocked attacks against hundreds of Ukrainians conducted by Belarus and Russian state-sponsored hackers. The attacks have been attributed to the Russia-linked […]

Pierluigi Paganini February 25, 2022
Ukraine calls on independent hackers to defend against Russia, Russian underground responds

While Ukraine calls for hacker underground to defend against Russia, ransomware gangs make their moves. Ukraine’s government is asking for volunteers from the hacker underground to provide their support in protecting critical infrastructure and carry out offensive operations against Russian state-sponsored hackers, reported Reuters which cited two e experts involved in the project. The call […]

Pierluigi Paganini February 25, 2022
US and UK details a new Python backdoor used by MuddyWater APT group

US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT. CISA, the FBI, the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the NSA, and law enforcement agencies have published a joint advisory on new malware used by Iran-linked MuddyWater APT group […]

Pierluigi Paganini February 24, 2022
US and UK link new Cyclops Blink malware to Russian state hackers

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the […]