Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies

Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using …

Pakistani hackers target ‘Make in India’ defence programs

As per a report, three public sector defence equipment manufacturers as well as India’s security forces have been the target of an espionage campaign run by a notorious Pakistani hacking group with suspected links to its military. Transparent Tribe, …

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in …

Positive Technologies detects a series of attacks via Microsoft Exchange Server

While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials …

Springtail: New Linux Backdoor Added to Toolkit

Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to …

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

In their previous report, Trend Micro researchers introduced the sophisticated cyberespionage campaign orchestrated by Earth Hundun, a threat actor known for targeting the Asia-Pacific region using the Waterbear malware and its latest iteration, Deuterbear. We first observed Deuterbear being used …

SugarGh0st RAT Used to Target American Artificial Intelligence Experts

Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is …

FBI Leak Exposes Alleged Order for Warrantless Spying on Americans by Agency Personnel

There is a new leak from the Federal Bureau of Investigation (FBI) centering on an official who allegedly sent out an email that asks for warrantless spying on Americans, urging employees to find ways to do so. It was allegedly …

Germany recalls envoy to Russia over cyberattack

The German ambassador to Russia was recalled for consultations on Monday after Berlin accused Moscow of carrying out cyberattacks. A newly concluded government investigation found the cyberattack had been carried out by a group — linked to Moscow’s GRU military …

Scaly Wolf’s new loader: the right tool for the wrong job

The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations. The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an …