Apple alerts users in 92 nations to mercenary spyware attacks

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks. The company sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. It did Read More …

LazyStealer: Sophisticated does not mean better

In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links Read More …

Why the threat of a ‘nightmare’ Chinese supercomputer just got a step closer

A cyber security official at the US State Department had noticed something unusual. An internal IT security system, nicknamed “Big Yellow Taxi”, had flagged unusual activity on its corporate Microsoft account. The tech team quickly raised its concerns to Microsoft, Read More …

Cloud Werewolf spearphishes Russian and Belarus government employees with fake spa vouchers and federal decrees

The BI.ZONE Threat Intelligence team has revealed another campaign by Cloud Werewolf aiming at Russian and Belarusian government organizations. According to the researchers, the group ran at least five attacks in February and March. The adversaries continue to rely on Read More …

Chinese hackers targeted UK’s Electoral Commission and politicians, say security services

Chinese state-backed hackers were responsible for two “malicious” digital campaigns targeting the UK’s democratic institutions and politicians, the security services have found. The UK holds China responsible for a prolonged cyber-attack on the Electoral Commission during which Beijing allegedly accessed Read More …

APT29 Uses WINELOADER to Target German Political Parties

In late February 2024, Mandiant identified APT29 — a Russian Federation backed threat group linked by multiple governments to Russia’s Foreign Intelligence Service (SVR) — conducting a phishing campaign targeting German political parties. Consistent with APT29 operations extending back to Read More …

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, Mandiant researchers observed exploitation of Connectwise ScreenConnect CVE-2024-1709 by the same Read More …

Mysterious Werewolf hits defense industry with new RingSpy backdoor

The criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote access backdoor The BI.ZONE Threat Intelligence team has detected a new campaign by Mysterious Werewolf, a cluster that has been active Read More …

Microsoft admits Russian state hack still not contained

Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data. Read More …

European diplomats targeted by SPIKEDWINE with WINELOADER

Zscaler’s ThreatLabz discovered a suspicious PDF file uploaded to VirusTotal from Latvia on January 30th, 2024. This PDF file is masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The Read More …