Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in Read More …

Positive Technologies detects a series of attacks via Microsoft Exchange Server

While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials Read More …

Springtail: New Linux Backdoor Added to Toolkit

Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to Read More …

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

In their previous report, Trend Micro researchers introduced the sophisticated cyberespionage campaign orchestrated by Earth Hundun, a threat actor known for targeting the Asia-Pacific region using the Waterbear malware and its latest iteration, Deuterbear. We first observed Deuterbear being used Read More …

SugarGh0st RAT Used to Target American Artificial Intelligence Experts

Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is Read More …

FBI Leak Exposes Alleged Order for Warrantless Spying on Americans by Agency Personnel

There is a new leak from the Federal Bureau of Investigation (FBI) centering on an official who allegedly sent out an email that asks for warrantless spying on Americans, urging employees to find ways to do so. It was allegedly Read More …

Germany recalls envoy to Russia over cyberattack

The German ambassador to Russia was recalled for consultations on Monday after Berlin accused Moscow of carrying out cyberattacks. A newly concluded government investigation found the cyberattack had been carried out by a group — linked to Moscow’s GRU military Read More …

Scaly Wolf’s new loader: the right tool for the wrong job

The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations. The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an Read More …

Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes

A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western Read More …

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly Read More …