Budworm: Espionage Group Returns to Targeting U.S. Organizations

The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is Read More …

ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach

Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting stolen files on their data leak site. The RansomHouse gang added ADATA files to their data leak site on Tuesday, claiming they stole 1TB Read More …

Grandoreiro banking malware targets manufacturers in Spain, Mexico

The notorious ‘Grandoreiro’ banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico. The malware has been active in the wild since at least 2017 and Read More …

#StopRansomware: Zeppelin Ransomware

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June Read More …

AMD targeted by RansomHouse, cybercrims claim to have ‘450Gb’ in stolen data

If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year. RansomHouse says it obtained Read More …

Microsoft 365 credentials targeted in new fake voicemail campaign

A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. The operation is ongoing and the threat actor behind it uses Read More …

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM. The associated indicators and tactics were used by the OneDrive team to improve detection of attack Read More …