Intelligence Archives - Page 9 of 170

Pierluigi Paganini January 02, 2025

Lumen reports that it has locked out the Salt Typhoon group from its network

Lumen reports that the Salt Typhoon hacking group, which targeted at least nine U.S. telecom firms, was locked out of its network. This week, a White House official confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) […]

Pierluigi Paganini January 01, 2025

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

The U.S. Treasury sanctioned entities for disinformation tied to Russian and Iranian intelligence before the 2024 presidential elections. The U.S. Treasury sanctioned entities for spreading disinformation linked to Russian and Iranian intelligence ahead of the 2024 presidential elections. The U.S. Treasury sanctioned Moscow’s Center for Geopolitical Expertise (CGE), founded by OFAC-designated Aleksandr Dugin, for spreading disinformation and […]

Pierluigi Paganini December 31, 2024

China-linked actors hacked US Treasury Department

China-linked threat actors breached the U.S. Treasury Department by hacking a remote support platform used by the agency. China-linked threat actors breached the U.S. Treasury Department via a compromised remote support platform. The Treasury Department discovered the security breach on December 8th from its vendor BeyondTrust, according to a letter to lawmakers. BeyondTrust provides Privileged […]

Pierluigi Paganini December 29, 2024

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

A White House official confirmed that China-linked threat actor Salt Typhoon breached a ninth U.S. telecommunications company. A White House official confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide. “A White House official said Friday the US identified […]

Pierluigi Paganini December 25, 2024

BellaCPP, Charming Kitten’s BellaCiao variant written in C++

Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao malware dubbed BellaCPP, Kaspersky researchers warn. The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, dubbed BellaCPP. BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first […]

Pierluigi Paganini December 23, 2024

Lazarus APT targeted employees at an unnamed nuclear-related organization

North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky researchers observed the North Korea-linked Lazarus Group targeting at least two employees associated with the same nuclear-related organization over the course of one month. The experts believe the attacks are part the cyber espionage campaign Operation Dream Job (aka NukeSped), […]

Pierluigi Paganini December 18, 2024

Russia-linked APT29 group used red team tools in rogue RDP attacks

Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The […]

Pierluigi Paganini December 17, 2024

Russia FSB relies on Ukrainian minors for criminal activities disguised as “quest games”

Ukraine’s SBU uncovered an FSB espionage campaign recruiting minors for criminal activities disguised as “quest games.” The Security Service of Ukraine (SBU or SSU) uncovered a new espionage campaign linked to Russia’s intelligence agency Federal Security Service (FSB), which consists of involving minor Ukrainians in criminal activities under the guise of “quest games”. In Kharkiv, […]

Pierluigi Paganini December 16, 2024

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slaviša Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi. Then […]

Pierluigi Paganini December 12, 2024

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from […]

Intelligence

Lumen reports that it has locked out the Salt Typhoon group from its network

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

China-linked actors hacked US Treasury Department

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

BellaCPP, Charming Kitten’s BellaCiao variant written in C++

Lazarus APT targeted employees at an unnamed nuclear-related organization

Russia-linked APT29 group used red team tools in rogue RDP attacks

Russia FSB relies on Ukrainian minors for criminal activities disguised as “quest games”

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

QUICK LINKS

Intelligence

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!