Researchers discovered a new attack campaign attributed to the Chinese-sponsored advanced persistent threat group known as Winnti. Based on reports, the recently discovered campaign remained undetected for several years. The researchers called the campaign ‘Operation CuckooBees’, which leveraged previously undocumented malware and stole confidential trade data from several organisations worldwide. An incident response team...
Cybersecurity researchers have published a new advisory regarding the notorious BlackByte ransomware group. The advisory includes information and assessment regarding the newly discovered BlackByte samples from the group’s recent attacks. Based on reports, the analysts responsible for examining the group’s behaviour discovered several variants of BlackByte ransomware circulating in the wild. The variants are coded...
An advanced persistent threat (APT) group known as Cicada or APT10, which first started by attacking only Japanese enterprises, has widened its targeting to a wide range of new countries so that it can conduct more widespread espionage attacks. The Chinese-speaking Cicada APT group is also known by other names, such as Stone...
Mars Stealer, one of the newest info stealers in 2022, is now rising to the spotlight as cybersecurity researchers notice its recent launches of large-scale attack campaigns. Formerly named Oski malware, which shut down in 2020, Mars Stealer presents improved and extensive information-stealing features that target a wide range of software...
Cybercriminals are trying to maximize their monetary profits, especially through mobile malware, as their attack surface expands. Each year, the rising rate of mobile malware has made cybercriminals more eager to abuse the opportunity. The malicious code used for mobile attacks offers powerful features adopted by threat actors worldwide. Based on the latest statistic...
A malicious threat group called UNC2596 has leveraged the Microsoft Exchange flaw to distribute the Cuba ransomware. Researchers explained that the group uses ransomware to target several corporate networks and encrypt their devices. UNC2596 has been spreading the same campaigns since the start of August last year. The group has eyed multiple organisations, utility providers,...
Researchers have spotted the Medusa threat group partnering with another threat group called Flubot. Researchers said that the two cybercriminal entities are deployed simultaneously in recent campaigns and share a common infrastructure. Researchers found Medusa being propagated through the smishing infrastructure utilised by the Flubot trojan. Both threat groups have...
A new threat strain called Sugar ransomware has been found being traded as ransomware-as-a-service (RaaS) on the dark web. The ransomware landscape, as of now, is an ever-growing community, always ready to be deployed by threat actors to inflict damage on entities worldwide. The new malware strain dubbed Sugar is now being...
Researchers have uncovered a new malware campaign called Zloader abusing a remote monitoring tool and a decade-old vulnerability in Microsoft’s signature verification system to gather user credentials and sensitive data. Based on recent findings, the Zloader infection chain is associated with a cybercriminal gang known as Malsmoke since it is similar to their past campaigns....
A recently discovered malicious threat group called Karakurt has been operating elusively for some time now. Researchers have exposed the new threat group’s strategies and procedures by tracking it. The Karakurt threat group can be classified as financially motivated hackers. Researchers first sighted the group back in June, with the...