Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the […]
Threat Actors
Japanese law enforcement believes a group of hackers linked to the Chinese military are behind a broad cyber-espionage campaign that has breached more than 200 Japanese companies and organizations since at least 2016. Citing unidentified sources in a police investigation, multiple local media outlets reported today that Tokyo police had […]
A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities […]
In a novel approach to ransom demands, a new ransomware calling itself ‘NitroRansomware’ encrypts victim’s files and then demands a Discord Nitro gift code to decrypt files. While Discord is free, they offer a Nitro subscription add-on for $9.99 per month that provides additional perks, such as larger uploads, HD […]
Ransomware confirms to be one of the most pervasive threats of the last years. We saw during these last years the infamous phenomenon of Double Extorsion, where well-organized cyber-criminal groups perform highly sophisticated red team operations to achieve the highest level of privileges inside the perimeter of victim networks and, before releasing the ransomware, they steal all the […]
This post is also available in: 日本語 (Japanese) Executive Summary The recently discovered and patched Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) have garnered considerable attention due to their mass exploitation and the severity of impact each exploitation has on the affected organization. On March 6, 2021, an unknown […]
Cryptocurrency Fraud , Cybercrime , Cyberwarfare / Nation-State Attacks Magecart-Style Attacks Included Bitcoin-Grabbing Functionality, Group-IB Reports Mathew J. Schwartz (euroinfosec) • April 15, 2021 Fake payment form, which opens in an iFrame element, discovered in Magecart-style attacks attributed to Lazarus (Source: Group-IB) Hackers with apparent ties to North […]
Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a […]
Fake banking apps laced with malware continue to be an effective tool for threat actors. For the Yanbian Gang, a criminal group centered in Yanbian, China, that targets organizations across Asia, it’s a craft they’ve been improving on for over a decade. The Yanbian Gang has targeted South Korean Android […]
Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways. […]