News • Insights • Analysis
The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch Read More …
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Read More …
Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading or attacking these Read More …
Cisco Talos recently discovered an ongoing campaign conducted by the Transparent Tribe APT group against students at various educational institutions in India. This campaign was partially covered by another security firm, but our findings reveal more details regarding the adversary’s Read More …
RaHDIt hackers have made public the data of one thousand employees of the Main Intelligence Directorate (GUR) of the military department of Ukraine. According to RIA Novosti, problems in protecting the networks of the Central Directorate of the Main Intelligence Read More …
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored Read More …
Investigators at a blockchain analysis outfit have linked the theft of $100 million in crypto assets last week to the notorious North Korean-based cybercrime group Lazarus. The company said it had tracked the movement of some of the stolen cryptocurrency Read More …
The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration. Evilnum is an APT (advanced persistent threat) that has been active since at least 2018 and had its campaign and Read More …
ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little Read More …
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to Read More …
