On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet.
Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. Microsoft will continue to closely monitor Onyx Sleet’s activity to assess changes following the indictment. First observed by Microsoft in 2014, Onyx Sleet has conducted cyber espionage through numerous campaigns aimed at global targets with the goal of intelligence gathering. More recently, it has expanded its goals to include financial gain.
Read more…
Source: Microsoft
Related:
- Critical Security Incident involving GitHub Action tj-action/changed-files
March 17, 2025
A critical security incident involving the tj-actions/changed-files GitHub Action has been reported. The changed-files action, which allows GitHub repositories to track file changes, has been tampered with to allow the exposure through GitHub Actions build logs of CI/CD secrets, including passwords, tokens, API keys, PII and other sensitive data that have been embedded within software code. ...
- Infamous ransomware hackers reveal new tool to brute-force VPNs
March 17, 2025
The “BRUTED” tool has apparently been in use for years now, according to cybersecurity researchers EclecticIQ, who have been sifting through the recently-leaked Black Basta chat logs, which were leaked and subsequently uploaded to a GPT for easier analysis. Besides being used to analyze the group’s structure, organization, and activities, researchers used it to identify the ...
- StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
March 17, 2025
In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) they named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target ...
- Exploitation of Apache Tomcat Vulnerability CVE-2025-24813
March 17, 2025
The Apache Software Foundation has released security updates addressing a vulnerability in Apache Tomcat. Tomcat is an open-source web server and servlet container that is used to deploy and serve Java-based web applications. CVE-2025-24813 is ‘deserialisation of untrusted data’ and ‘path equivalence: file.name (Internal dot)’ vulnerability that an attacker could exploit to achieve remote code execution ...
- Research on iOS apps shows widespread exposure of secrets
March 14, 2025
Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret. The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming Interfaces (APIs), and even payment processors. The researchers noted how: “The average ...
- UK National Crime Agency officer charged following alleged Bitcoin theft
March 13, 2025
An officer from the National Crime Agency (NCA) has been charged after the alleged theft of Bitcoin. Paul Chowles, 42, from Bristol, is charged with 15 offences relating to the alleged theft of 50 Bitcoin during an investigation into online organised crime, a spokeswoman for Merseyside Police said. According to the force, the cryptocurrency was worth ...