Believed to be a Chinese-based nation-backed group, the cyberespionage actors under the group name ‘Billbug’ has been seen launching a targeted campaign against government agencies, certificate authorities, and defence organisations in many Asian countries. The researchers said that the most recent campaigns launched by the threat group were since at least last March, but records...Continue Reading
Japanese organisations, including media and government, have recently been targeted by a China-backed APT group known as Stone Panda that employed a new stealthy infection chain against its targets. Stone Panda, which also goes by APT10, Cicada, Potassium, and Bronze Riverside, is a China-backed state group that was first found active as far back as...Continue Reading
The Insurance Regulatory and Development Authority of India, or IRDAI, has allegedly suffered from a cyberattack from a still unknown threat group. These findings are from our dark web team in iZOOlogic’s discoveries during a routine investigation within the cybercrime landscape. Though the incident is still under investigation, it shows that numerous life and non-life...Continue Reading
The website of the National Electric Power Regulatory Authority (NEPRA) in Pakistan has recently been compromised by the SideWinder APT, delivering the new WarHawk backdoor malware. Based on a report, the new WarHawk malware contains different malicious modules for Cobalt Strike attacks, has new TTPs, and has applied the Pakistan Standard Time zone to ensure...Continue Reading
The Indian police have advised all Gurugram City residents about potential cybercriminal threats against them following the rollout of 5G SIM services in the city. This advisory came after several people have reported complaints about scammers stealing their money from their bank accounts after they clicked some links sent on their phones. According to the...Continue Reading
Our dark web researchers from iZOOlogic have recently discovered a new data breach post from a threat actor under the username “NetSecOfficial,” which involved stealing alleged data from Flipkart, an Indian-based e-commerce giant that Walmart also owns. Based on the post in a cybercriminal forum, the hacker claimed that they hold Flipkart’s data worth about...Continue Reading
Indian Android users are warned after reports revealed that the SOVA banking trojan had begun targeting the region, especially those using mobile banking apps. Written in Kotlin, this malware was first detected last September targeting East Europe. However, CERT-In announced that India was added to SOVA’s list of targeted countries in July 2022. As a...Continue Reading
The Worok threat group targets high-profile companies and government offices in Asia. The identified malicious threat actors are part of an espionage group that started two years ago. Worok shares similarities in tools and interests with another threat group called TA428. It is reported that both groups have targeted important sectors around Asia, such as...Continue Reading
Another discovery was unveiled after our dark web researchers found a threat actor selling a massive database in a hacking forum that contained confidential documents owned by local and foreign companies in Indonesia. With a username of ‘toshikana,’ this threat actor posted and advertised the stolen database on a hacking forum, adding that the involved...Continue Reading
Several sectors in South Korea, including industrial, healthcare, and pharmaceutical institutions, are the recent targets of a new ransomware strain dubbed GwisinLocker. Reports explain that the new ransomware attacks those under these sectors’ Windows and Linux OS computers. Security analysts are convinced that the threat operators behind the ransomware are Korean entities, given their strong...Continue Reading
