MysterySnail attacks IT companies, defence contractors and diplomatic entities with Windows zero-day

In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, Read More …

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus Read More …

Microsoft: Russian state hackers behind 53% of attacks on US govt agencies

Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. “Russian nation-state actors are increasingly targeting government agencies for Read More …

BlackBerry ties malware campaign targeting victims in India to Chinese cyberespionage group

The BlackBerry Research & Intelligence team released a new report on Tuesday linking disparate malware campaigns to Chinese cyberespionage group APT41, noting that the group has been taking advantage of Cobalt Strike activity using a bespoke Malleable C2 Profile that Read More …

New APT ChamelGang Targets Russian Energy, Aviation Orgs

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security Read More …

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that Read More …

Fake Amnesty International Pegasus scanner used to infect Windows

Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent. The malware looks and acts the part of a legitimate antivirus solution specially created to Read More …

New advanced hacking group targets governments, engineers worldwide

A new hacking group targeting entities worldwide to spy on them has been unmasked by researchers. Dubbed FamousSparrow by ESET, on Thursday, the team said that the advanced persistent threat (APT) group — many of whom are state-sponsored — is Read More …