In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service.
The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor. Kaspersky researchers are therefore confident that the group is still active and will probably soon resurface. This article uses the Unified Kill Chain methodology to analyze the attackers’ actions.
Read more…
Source: Kaspersky
Related:
- India arrests man accused of running $96 billion crypto exchange at request of US
March 12, 2025
Indian authorities have arrested a Lithuanian man wanted by the US for allegedly running a $96 billion cryptocurrency exchange that allowed terrorist organizations, drug traffickers and cybercriminals to launder money. The arrest caps an intense US-led manhunt for Aleksej Besciokov, that escalated last week with the seizure of the crypto exchange, the freezing of $26 million ...
- Bank Of America Alerts Customers To Data Breach, Offers Identity Theft Protection For Affected Accounts
March 11, 2025
The Bank of America has alerted a small group of its customers about a data breach that may have exposed confidential information. The breach, which took place on December 30, was a result of improper handling of confidential documents by a third-party document destruction service provider. The breach could have potentially exposed sensitive data, including personal ...
- Thousands of TP-Link routers have been infected by a botnet to spread malware
March 11, 2025
According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity ...
- New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
March 11, 2025
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild during routine threat hunting. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These enhanced features help this malware family steal and ...
- DCRat backdoor returns
March 11, 2025
Since the beginning of the year, Kaspersky researchers have been tracking in their telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers. Distribution The DCRat backdoor is ...
- Cybersecurity Meets DUI Defense: Protecting Personal Data During Legal Battles
March 11, 2025
In today’s digital age, the intersection of cybersecurity and legal defense has never been more critical. Individuals facing DUI charges often find themselves not only defending against legal penalties but also safeguarding their personal data. Protecting personal data during legal battles is essential, as it can significantly impact the outcome of a case and one’s ...