News – January 2024

  • TA866 returns with a large Email campaign

    January 18, 2024

    Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_.pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive ...

  • Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware

    January 18, 2024

    Over the years, TAG has analyzed a range of persistent threats including COLDRIVER (also known as UNC4057, Star Blizzard and Callisto), a Russian threat group focused on credential phishing activities against high profile individuals in NGOs, former intelligence and military officers, and NATO governments. In order to gain the trust of targets, COLDRIVER often utilizes impersonation ...

  • Thousands of Android TV boxes hit by dangerous new malware-dropping botnet

    January 18, 2024

    A group of hackers has been secretly building a botnet of Android TV and eCos set-top boxes, and then monetizing the access to earn masses of wealth, researchers have warned. Cybersecurity experts from Qianxin Xlabs dubbed the operation “Bigpanzi”, and claim there are some 170,000 daily active bots. Given that not all endpoints are active at ...

  • 7777-Botnet Infection Vectors

    January 18, 2024

    In October 2023, the 7777-Botnet was first discussed in a writeup titled, The Curious Case of the 7777-Botnet. The author, supported by other researchers, describes a ~10,000 node botnet that’s purpose is to brute-force Microsoft Azure user credentials. It employs targeted, low-volume methods that are so effective that they were only discovered due to a geolocation ...

  • The dangers of quadruple blow ransomware attacks

    January 18, 2024

    For the first time, a ransomware gang has reported one of its victims to the authorities. This has never happened before and shows the continuing evolution of their business models to maintain pressure on the victim organisations. With this new mechanism, criminal actors are using the threat of potential regulatory fines as an additional incentive for ...

  • JPMorgan spends $15 billion a year on technology, given the risk of a data breach

    January 17, 2024

    JPMorgan Chase’s banking systems are attacked by hackers 45 billion a day, double what it saw a year earlier. The nation’s largest bank spends $15 billion a year on technology, given the risk of a data breach and the potentially devastating consequences of a successful cyber attack, Mary Callahan Erdoes, chief executive of the bank’s Asset ...

  • Ivanti vulnerabilities now actively exploited in massive numbers

    January 17, 2024

    The researchers that discovered the active exploitation are warning that these attacks are now very widespread. The fact that there are no patches available and users were asked to apply a workaround and monitor their network traffic for suspicious activity, may have contributed to the slow response to the sounded alarms. Almost 7000 devices remain vulnerable ...

  • PSA: Anyone can tell if you are using WhatsApp on your computer

    January 17, 2024

    Anyone who knows your WhatsApp number can figure out if you are only using the mobile app, or its companion web or desktop apps, a security researcher found. Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found that it’s possible to determine whether a user on WhatsApp is using more than just the ...

  • New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

    January 17, 2024

    Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading ...

  • NATO releases first ever quantum strategy

    January 17, 2024

    Quantum technologies are getting closer to revolutionizing the world of innovation and can be game-changers for security, including modern warfare. Ensuring that the Alliance is ”quantum-ready” is the aim of NATO’s first-ever quantum strategy that was approved by NATO Foreign Ministers on 28 November. On Wednesday 17 January 2024, NATO releases a summary of the strategy. ...