In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service.
The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor. Kaspersky researchers are therefore confident that the group is still active and will probably soon resurface. This article uses the Unified Kill Chain methodology to analyze the attackers’ actions.
Read more…
Source: Kaspersky
Related:
- FBI Warns of Scammers Impersonating the IC3
April 18, 2025
The Federal Bureau of Investigation (FBI) warns the public about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees to deceive and defraud individuals. Between December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams. How It Works Complainants report initial contact from the ...
- IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
April 17, 2025
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years. Kaspersky researchers observed ...
- Cisco Releases Security Advisory for Webex App
April 17, 2025
Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system. Cisco Webex is a web conferencing software solution. CVE-2025-20236 is an ‘insufficient input validation’ vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading ...
- Hi, robot: Half of all internet traffic now automated
April 16, 2025
Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic. Bad bots do all kinds of unpleasant things. An ...
- Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS
April 16, 2025
Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated ...
- Chinese police put 3 U.S. operatives on wanted list over cyberattacks
April 15, 2025
Police authorities in Harbin, in northeast China’s Heilongjiang Province, said on Tuesday that they are pursuing three operatives affiliated with the U.S. National Security Agency (NSA) over suspected cyberattacks against China. The Harbin public security bureau said that the three operatives — Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — had been ...