News – May 2024


  • Guidance on the 911 S5 Residential Proxy Service

    May 29, 2024

    The Federal Bureau of Investigation (FBI), Defense Criminal Investigative Services (DCIS), and Department of Commerce (DOC) are publishing this announcement to notify the public of the dismantlement of the 911 S5 residential proxy service and to help individuals and businesses better understand and guard against 911 S5 proxy service and botnet. 911 S5 began operating in ...

  • Pakistani hackers target ‘Make in India’ defence programs

    May 28, 2024

    As per a report, three public sector defence equipment manufacturers as well as India’s security forces have been on the target of an espionage campaign run by a notorious Pakistani hacking group with suspected links to its military. Transparent Tribe, known as Advanced Persistent Threat (APT) 36 among cybersecurity professionals, has been targeting employees in defence ...

  • Static Unpacking For The Widespread NSIS-Based Malicious Packer Family

    May 28, 2024

    Packers or crypters are widely used to protect malicious software from detection and static analysis. These auxiliary tools, through the use of compression and encryption algorithms, enable cybercriminals to prepare unique samples of malicious software for each campaign or even per victim, which complicates the work of antivirus software. In the case of certain packers, classifying ...

  • Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

    May 28, 2024

    Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives. Moonstone Sleet is observed to set up fake companies and job ...

  • pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

    May 28, 2024

    The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device. What goes around ...

  • ABN Amro on alert as supplier hit by ransomware attack

    May 28, 2024

    ABN Amro is warning customers that their personal details may be at risk after a ransomware attack at one its supplier. The ransomware attack was inflicted on AddComm, which distributes documents and tokens physically and digitally to ABN Amro clients and employees. External cybersecurity experts are currently investigating exactly what data has been stolen at AddComm. Read ...

  • Spying, hacking and intimidation: Israel’s nine-year ‘war’ on the ICC exposed

    May 28, 2024

    When the chief prosecutor of the International criminal court (ICC) announced he was seeking arrest warrants against Israeli and Hamas leaders, he issued a cryptic warning: “I insist that all attempts to impede, intimidate or improperly influence the officials of this court must cease immediately.” Now, an investigation by the Guardian and the Israeli-based magazines +972 ...

  • Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

    May 27, 2024

    Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. A prominent example of this includes a cybercriminal ...

  • Threat landscape for industrial automation systems, Q1 2024

    May 27, 2024

    In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Building automation has historically led the surveyed industries in terms of the percentage of ICS computers ...

  • Data breach at medical giant Cencora exposes info from multiple drug companies

    May 27, 2024

    Almost a dozen pharmaceutical companies, including several major players, have lost sensitive customer data due to a supply chain cyberattack that trickled down from pharma giant Cencora. In late February 2024, drug wholesale company Cencora (previously known as AmerisourceBergen) filed a Form 8-K with the Securities and Exchange Commission (SEC), reporting a data breach incident, without ...