New research showed that ransomware groups had increased the usage of their own or stolen computer code. These groups are believed to be moving away from a leasing model type of attack that is easier to detect by threat analysts. Most of the notorious hacking groups in the previous years have orchestrated their attacks by...Continue Reading
The threat ecosystem of Conti ransomware gang grows stronger each day, retaining its status as one of the most productive malware strains in the cybercriminal landscape worldwide. Based on a recent study, the Conti operators are slowly moving away from the United States and concentrating on NATO-affiliated countries, especially in Europe. Conti’s alleged shutdown is...Continue Reading
A newly emerged advanced persistent threat (APT) group, Earth Longzhi, has targeted numerous organisations using the Cobalt Strike loader, especially in Asia and Ukraine. Researchers noted that these actors are classified as a subgroup of the APT41 nation-backed hacking group. Based on reports, Earth Longzhi deployed two malicious campaigns between May 2022 and February 2021,...Continue Reading
The ethnic and religious minority groups in China, including the Uyghurs from Xinjiang, have reportedly been targeted by a threat group deploying an Android spyware tool dubbed ‘BadBazaar.’ The discovery of this campaign has led to experts associating it with a 2020 cyberattack campaign against Uyghurs, performed by the APT15 or the Pitty Tiger. Since...Continue Reading
The new ‘Somnia’ ransomware infects numerous Ukrainian organisations that the threat operators used for encrypting systems, subsequently leading to operational disruptions. Ukraine’s CERT-UA has announced the incident, stating that the attacks are attributed to a threat group dubbed ‘From Russia with Love’ (FRwL) or the ‘Z-Team’. The agency also tracked the threat group as UAC-0118....Continue Reading
The Killnet hacking group has attempted several distributed denial-of-service (DDoS) attacks on the former Eastern Bloc government but has been unsuccessful. The pro-Kremlin group completely botched the attempted attacks as they failed to keep their target’s websites shut down with their operation. According to researchers, the threat group has targeted government agencies and companies that...Continue Reading
Security researchers have recently found a new malicious package inside the Python Package Index or PyPI, which hides code in images using a steganographic technique that can infect users of GitHub’s open-source projects. Based on a released advisory, the malicious package dubbed ‘apicolor’ seemed to be one of the many in-development packages on PyPI. However,...Continue Reading
Cybersecurity research revealed information about the C2 server infrastructure backed by the ShadowPad malware for its attacks. This malware is a notorious entity that succeeds the PlugX malware strain. According to the investigation, there are three ShadowPad strains called Variant1, Variant2, and Variant3. The first variant was named ScatterBee, collected and examined by researchers last...Continue Reading
Military institutions in Ukraine have recently been targeted by a new campaign launched by the RomCom RAT operators, involving the use of spoofed domains that host trojanised Advanced IP Scanner packages. First observed in July, the campaign was said to carry the trojanised application’s packages, which also contained numerous files and malicious droppers that would...Continue Reading
The Fodcha DDoS botnet resurfaces on the cybercriminal landscape with new capabilities that pose threats to all its targets. According to reports, the botnet has upgraded its communication protocol and includes a new ability to extort cryptocurrency payments from victims. Researchers spotted the Fodcha botnet for the first time last April, spreading through known Android...Continue Reading
