New ransomware attacks in Ukraine linked to Russian Sandworm hackers

New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET who first spotted this wave of attacks, says the ransomware they named RansomBoggs has Read More …

Earth Preta Spear-Phishing Governments Worldwide

Trend Micro researchers have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents researchers observed in the wild, this is a large-scale cyberespionage campaign that began Read More …

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch Read More …

Pro-Russian hackers claim cyber attack on FBI website

A group of pro-Russian hackers claimed to hack into the FBI website this week, the latest in a string of supposed attacks on U.S. government websites. The group Killnet took responsibility for infiltrating the website on its Telegram page Monday. Read More …

Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries

State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. Symantec, by Broadcom Software, was able to link this activity to a group we track as Billbug due Read More …

DTrack activity targeting Europe and Latin America

DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, Kaspersky researchers seen it Read More …

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a Read More …

SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack

The long hangover from a 2020 state-sponsored compromise still isn’t over for SolarWinds, as the software giant targeted by Russian government hackers has to pony up $26 million to shareholders and face possible enforcement action from the federal government. In Read More …

OPERA1ER APT in Africa

In 2019, Group-IB Threat Intelligence team detected a series of targeted attacks on financial organizations in Africa. Later in 2020, our professionals in collaboration with Orange, managed to piece together the seemingly disparate attacks into a single timeline and successfully Read More …