Cybercrime, the Renewable Energy sector targeted by an APT
The cybersecurity researcher Will Bushido discovered a cyber espionage campaign aimed to steal credential from at least 15 companies worldwide.
The Jerusalem Post website defaced for the Soleimani assassination anniversary
Cyber threats and geopolitical events are increasingly connected. Countries that can’t attack kinetically use cyber weapons to hit their enemies and increase pressure.
Cyber Espionage, Iran targets Middle East-Asia TLC Operators
Symantec cybersecurity experts: The MuddyWater APT (MERCURY, SeedWorm and TEMP.Zagros) used legitimate tools, publicly available malware, and living-off-the-land tactics.
Cybercrime, Nobelium exploits a new custom malware: Ceeloader
Mandiant cybersecurity experts: The APT (aka UNC2452) also shows two distinct clusters of activity, UNC3004 and UNC2652.
Cybercrime, APT’s last weapon is the RTF template injection
Proofpoint cybersecurity experts: Groups from India, Russia and China exploit this technique. The files have low detection rate by public antivirus.
Cyber Espionage, new Iranian APT uses MSHTML RCE to steal Google-Instagram credentials
Safe Breach Labs cybersecurity experts: The threat actor infects victims via Farsi phishing emails with a PowerShell stealer malware.
Cyber Espionage, IronHusky targets Defense and IT companies with MysterySnail
Kaspersky cybersecurity experts: The Chinese APT exploits the CVE-2021-40449 zero-day vulnerability in the Win32k kernel driver and the malware to escalate privileges.
Cyber Espionage, Nobelium uses FoggyWeb as a backdoor
Microsoft cybersecurity experts: The APT exploits it to remotely exfiltrate sensitive information from a compromised AD FS server.
Cyber Espionage, new variant of Konni malware has been used to target Russia
Malwarebytes cybersecurity experts: It is been potentially linked to the North Korean’s APT37. The malware is distributed via spear phishing with 2 weaponized documents.
Cyber Espionage, APT28 now exploits the SkinnyBoy backdoor
Cluster 25 cybersecurity experts: The Russia-linked APT spreads the malware via spear phishing campaigns on a international scientific event in Spain.