Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen Read More …

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology

In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control Read More …

CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Read More …

Detecting BPFDoor Backdoor Variants Abusing BPF Filters

Advanced persistent threat (APT) groups have broadened their focus to include Linux and cloud servers in the past few years. Noticeable examples include ransomware groups targeting VMware ESXi servers, Mirai botnet variants, and groups targeting the cloud with stealers and Read More …

Ukraine: Sandworm hackers hit news agency with 5 data wipers

The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country’s national news agency (Ukrinform) on January 17th. “As of January 27, 2023, 5 samples of malicious programs Read More …

New ransomware attacks in Ukraine linked to Russian Sandworm hackers

New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET who first spotted this wave of attacks, says the ransomware they named RansomBoggs has Read More …

Russian Sandworm hackers pose as Ukrainian telcos to drop malware

The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military Read More …

Ukraine says it thwarted Russian cyberattack on electricity grid

Ukraine said on Tuesday it had thwarted an attempt by Russian hackers last week to damage its electricity grid with a cyberattack. “This is a military hacking team,” said government spokesman Victor Zhora. “Their aim was to disable a number Read More …

DoJ takes down Russian botnet that targeted WatchGuard and Asus routers

The US Justice Department in March carried out an operation that successfully removed malware known as “Cyclops Blink” from vulnerable internet-connected firewall devices, the department announced Wednesday. The operation disrupted the control the Russian Federation’s Main Intelligence Directorate (GRU) had Read More …

France links Russian Sandworm hackers to hosting provider attacks

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group. ANSSI (short for Agence Nationale de la Read More …