Iranian Cyber Group Emennet Pasargad Conducting Hack-and-Leak Operations Using False-Flag Personas

The FBI is providing information concerning ongoing hack-and-leak cyber operations conducted by Iranian cyber group Emennet Pasargad. According to FBI information, since at least 2020, Emennet targeted entities primarily in Israel with cyber-enabled information operations that included an initial intrusion, Read More …

Budworm: Espionage Group Returns to Targeting U.S. Organizations

The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is Read More …

Hacking group POLONIUM uses ‘Creepy’ malware against Israel

Security researchers reveal previously unknown malware used by the cyber espionage hacking group ‘POLONIUM,’ threat actors who appear to target Israeli organizations exclusively. According to ESET, POLONIUM uses a broad range of custom malware against engineering, IT, law, communications, marketing, Read More …

Criminal multitool LilithBot arrives on malware-as-a-service scene

A Russia-based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency. That’s according to Read More …

Initial access broker repurposing techniques in targeted attacks against Ukraine

As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post provides details on five different campaigns conducted from April to Read More …

Russian Hackers Reveal List of American Targets for Attack

A pro-Russian computer hacking cell announced it will be launching a series of cyber attacks on a number of United States government websites in an apparent response to escalating tensions between the country and the North Atlantic Treaty Organization (NATO). Read More …

Prilex: the pricey prickle credit card complex

Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also Read More …

New hacking group ‘Metador’ lurking in ISP networks for months

A previously unknown threat actor that researchers have named ‘Metador’ has been breaching telecommunications, internet service providers (ISPs), and universities for about two years. Metador targets organizations in the Middle East and Africa and their purpose appears to be long-term Read More …