Communication Barrier from KillNet
Active since at least January 2022, KillNet has evolved from initially a leased DDoS service to a full-fledged threat group. Group distributed denial of service (DDoS) attacks birth website servers to get hit. While KillNet's ties to official Russian government agencies, such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service, have not been confirmed, the group is involved in the group, including the health services. should be viewed as a threat to government and critical infrastructure organizations.
ESXiArgs: The Consequences of Infection
ESXiArgs is a ransomware strain that has been reported to have infected over 3000 hosts in several countries, including France, Germany, the Netherlands, the U.K., and Ukraine. The ransomware is suspected to be based on the leaked Babuk ransomware code and is believed to be targeting end-of-life ESXi servers or ESXi servers that do not have the available ESXi software patches applied.
From Lazarus''No Pineapple''
The North Korean hacker group Lazarus APT 38 ,has been active since 2009. They were a group of criminals with an indeterminate number of criminals. However, due to their intended nature, methods, and threats on the web, they were classified as an Advanced Persistent Threat. The cybersecurity community gathers these under other names such as Zinc and Hidden Cobra.
The Face of Disaster: Turkey and Syria Earthquake
February 6, 2023, Turkey and Syria woke up to the morning of a major natural disaster. Two devastating earthquakes, 7.7 and 7.6 magnitudes, struck southeastern Turkey and Syria, with millions of people in dozens of different cities affected, and the death toll exceeded thousands. The Turkish government declared a Level 4 alert, the highest level, and requested international assistance for the disaster area.
Messy Adventures of Cozy Bear
Cozy Bear, also known as APT29, is a sophisticated advanced persistent threat (APT) group believed to be associated with the Russian government. The group has been active since at least 2008. It has been linked to several high-profile cyber espionage operations, including the 2016 hack of the Democratic National Committee (DNC) in the United States. Cozy Bear is known for its sophisticated techniques and ability to remain undetected for long periods of time within compromised networks.
Aoqin Dragon
Aoqin Dragon is a known threat actor that has been active since 2013 and primarily targets government, education, and telecommunication organizations in Southeast Asia and Australia.
Red Menshen: A Look into the Chinese Cyber Espionage Threat
Red Menshen, a China based threat actor, which has been observed targeting telecommunications providers across the U.S, Turkey, Middle East and Asia, as well as entities in the government, education, and logistics sectors using a custom backdoor referred as BPFDoor.
Glupteba: The Blockchain-Enabled Modular Malware
Glupteba is a complex and advanced form of malware that has been affecting Windows devices globally since 2019. It utilizes blockchain technology and has multiple modules that can be used for various malicious activities,
Exploit of Romcom RAT's
The RomCom RAT is a malicious software program used by a threat actor to remotely control compromised systems, often by impersonating well-known brands and deploying fake versions of legitimate software through phishing campaigns.
Bronze President
Bronze President is a likely Chinese government-sponsored threat group that has been active since at least 2012. It is known for conducting cyber-espionage campaigns targeting organizations and individuals in the Asia-Pacific region and beyond.
Who will be Earth Bogle's Victims in North Africa and the Middle East?
The campaign is active, and currently, threat actors are targeting victims with NjRAT (also known as Bladabindi) in the Middle East and North Africa.
StrongPity Expand It's Target
StrongPity, also known as APT-C-41 and Promethium, is a cyber espionage group that has been active since at least 2012. The group's initial focus was on targeting individuals and organizations in Syria and Turkey, but their campaigns have since expanded to encompass a wider range of targets across Africa, Asia, Europe, and North America. The group uses various methods such as watering hole attacks and phishing messages to infiltrate targeted systems and steal sensitive information. These attacks are designed to activate the killchain, which is the sequence of actions taken by the attackers to gain access, establish control, and exfiltrate data from the targeted systems.
World Cup Qatar
The 2022 FIFA World Cup is scheduled to be the 22nd running of the FIFA World Cup competition, the quadrennial international men's football championship contested by the senior national teams of the member associations of FIFA. It is scheduled to take place in Qatar from 20 November to 18 December 2022. This will be the first World Cup ever to be held in the Arab world, and the second World Cup held entirely in Asia after the 2002 tournament in South Korea and Japan.[a] In addition, the tournament will be the last to involve 32 teams, with an increase to 48 teams scheduled for the 2026 tournament in the United States, Mexico, and Canada.
Cyber Risk to the Oil and Gas Industry
There has been significant interest within the offshore oil and gas industry to utilise Industrial Internet of Things (IIoT) and Industrial Cyber-Physical Systems (ICPS). There has also been a corresponding increase in cyberattacks targeted at oil and gas companies.
The New Target: Immigrations
Financial and investment entities, including those involved in the decentralized finance (DeFi) and cryptocurrency markets, are being actively targeted by a group of hackers identified as TA4563, who are leveraging Evilnum malware.
Cyber Security in Elections
In recent years, the effect of cyber operations on the elections of countries has been increasing rapidly and it has been observed that interstate operations are carried out with cyber espionage campaigns.
The Return of Emotet
The notorious Emotet malware is staging a comeback of sorts, months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. While the malware maintainers remain unknown, this campaign suspiciously coincides with the Russian invasion of Ukraine.
Prestige Ransomware: Targeting Ukraine & Poland
A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft Threat Intelligence Center (MSTIC) said.
Russia - Ukraine Cyberwar
The day before the invasion of Ukraine by Russian forces, a new wiper malware sample spreading across Ukrainian companies is observed. An hour before the invasion, an IssacWiper attack against government websites was recorded. Moreover, cyber-attacks continued in March, as well, with the CaddyWiper malware which infiltrated the systems of several Ukrainian organizations, from both the government and the financial sectors.
Hafnium
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
Attacks on industrial control systems using ShadowPad
Researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. These infected machines includes engineering hardware systems related to automation systems Infected machines includes engineering computers used in building automation systems.
Operation AppleJeus: North Korea’s Cryptocurrency Malware
After releasing Operation AppleJeus, the Lazarus group continued to use a similar modus operandi in order to compromise cryptocurrency businesses.
SolarWinds
Austin, Texas-based SolarWinds sells software that lets an organization see what's happening on its computer networks. Hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the tainted update onto their systems
Operation Quicksand: MuddyWater's Attacks to Israeli Organizations
During September 2020, identified a new campaign targeting many prominent Israeli organizations was identified. The campaign was attributed to the Iranian threat actor ‘MuddyWater’ (also known as TEMP.Zagros, Static Kitten and Seedworm).
Hackers Behind the Iran
The asymmetric nature of the cyberwarfare domain has enabled Iran to carry out the most sophisticated and costly cyber attacks in the history of the internet age
Covid-19
Many threat actors are leveraging the high level of global anxiety around the spread of the Coronavirus and are using it to gain initial access to their victim ictim’s network and launch their campaigns. The common factor among these campaigns is the use of social engineering techniques to manipulate their victims into trusting their malicious scams.
Energy War
BlackEnergy is a malware toolkit that has been used by both criminal and APT actors. It dates back to at least 2007 and was originally designed to create botnets for use in conducting Distributed Denial of Service (DDoS) attacks, but its use has evolved to support various plug-ins
The Pegasus Project
The Pegasus Project is a collaborative investigation into NSO Group, an Israeli “cyber intelligence” company that sells sophisticated spyware to governments around the world.
The Cyber Face of Economic Development
Like other Chinese espionage operators, hacker groups, espionage targeting has generally aligned with China's Five-Year economic development plans. The group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors. Activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely statesponsored activity.
Red Children of Censorship
North Korean state-sponsored cyber espionage groups. Focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 group expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities. APT37 has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.
From Altai To The Red Square
The Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.
Trusted by world's leading organizations
Copyright © 2023 SOCRadar Cyber Intelligence Inc.
All rights
reserved.