In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service.
The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor. Kaspersky researchers are therefore confident that the group is still active and will probably soon resurface. This article uses the Unified Kill Chain methodology to analyze the attackers’ actions.
Read more…
Source: Kaspersky
Related:
- U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
August 6, 2018
According to a new report, three United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle ...
- Google Project Zero: ‘Here’s the secret to flagging up bugs before hackers find them’
August 3, 2018
Samsung’s utterly confusing vulnerability reporting website has prompted one of Google’s top security researchers to explain how companies should help researchers report bugs and eliminate hackable flaws in products quickly. Google’s Project Zero bug hunter, Natalie Silvanovich, who Microsoft has recognized as a top 10 researcher in the world, has a few tips for vendors of all types ...
- Poor cybersecurity could destabilise increasingly complex energy grids
July 26, 2018
The future of smart energy grids, with automatic management of both supply and demand, is “looking really interesting”, says Phil Kernick, chief technology officer at security firm CQR Consulting. But the current state of the technology and its security is a problem. “The distribution systems and the generation systems were deployed a decade and a half ...
- NetSpectre — New Remote Spectre Attack Steals Data Over the Network
July 26, 2018
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass ...
- Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
July 20, 2018
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...
- DDoS Attacks Get Bigger, Smarter and More Diverse
July 17, 2018
DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...