Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong.
Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023. Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.
Read more…
Source: Kaspersky
Related:
- Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
March 24, 2022
A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$. The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers. City of London Police say they have arrested seven teenagers in relation to the gang but will not ...
- Lockbit wins ransomware speed test, encrypts 25,000 files per minute
March 23, 2022
Ransomware moves more quickly than most organizations can respond. Though knowing they have a specific limited window should help inform where to put their defenses, according to security data shop Splunk. The vendor’s research team Surge today published research on how long it takes 10 of the big ransomware families including Lockbit, Conti, and REvil to ...
- Italy’s state railway may have been target of cyber attack
March 23, 2022
Italian railway company Ferrovie dello Stato Italiane (FS) said on Wednesday it had temporarily halted some ticket sale services as it feared they had been targeted by a cyber attack. “Since this morning, elements that could be linked to a cryptolocker infection have been detected on the computer network of Trenitalia and RFI,” the company said ...
- Microsoft confirms it was breached by hacker group
March 23, 2022
Microsoft has confirmed it was breached by the hacker group Lapsus$, adding to the cyber gang’s growing list of victims. In a blog post late Tuesday, Microsoft said Lapsus$ had compromised one of its accounts, resulting in “limited access” to company systems but not the data of any Microsoft customers.” Our cybersecurity response teams quickly engaged to ...
- Corrupted open-source software enters the Russian battlefield
March 22, 2022
It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add a protest message against Russia’s invasion of Ukraine. But then, it took a darker turn: It began destroying computers’ file systems. To be exact, Miller added ...
- Authentication oufit Okta investigating Lapsus$ breach report
March 22, 2022
The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company’s internals. The incident follows the group’s claim over the weekend that it had made off with chunks of Microsoft’s code. However, a compromise at Okta could be altogether more serious since the ...