Threat Intelligence


Ransomware groups used unique source codes in their attacks

New research showed that ransomware groups have increased their use of their own or stolen code. These groups are believed to be moving away from a leasing model of attack, which is easier for threat analysts to detect. Most of the notorious hacking groups of previous years have orchestrated their attacks by...

Conti ransomware gang allegedly lives on through its affiliates

The threat ecosystem of the Conti ransomware gang grows stronger each day, retaining its status as one of the most productive malware strains in the cybercriminal landscape worldwide. Based on a recent study, the Conti operators are slowly moving away from the United States and concentrating on NATO-affiliated countries, especially in Europe. Conti’s alleged shutdown is...

Asian countries targeted by the Earth Longzhi APT group

A newly emerged advanced persistent threat (APT) group, Earth Longzhi, has targeted numerous organisations using the Cobalt Strike loader, especially in Asia and Ukraine. Researchers noted that these actors are classified as a subgroup of the nation-backed APT41 hacking group. Based on reports, Earth Longzhi deployed two malicious campaigns between May 2022 and February 2021,...

Chinese ethnic groups targeted by the new BadBazaar spyware

The ethnic and religious minority groups in China, including the Uyghurs from Xinjiang, have reportedly been targeted by a threat group deploying an Android spyware tool dubbed ‘BadBazaar.’ The discovery of this campaign has led experts to associate it with a 2020 cyberattack campaign against Uyghurs performed by APT15, also known as Pitty Tiger. Since...

The new Somnia ransomware attributed to Russian hacktivists

The new ‘Somnia’ ransomware has infected numerous Ukrainian organisations; the threat operators used it to encrypt systems, subsequently leading to operational disruptions. Ukraine’s CERT-UA has announced the incident, stating that the attacks are attributed to a threat group dubbed ‘From Russia with Love’ (FRwL) or the ‘Z-Team’. The agency also tracks the threat group as UAC-0118....

Attempted DDoS attacks by the Killnet group on the Eastern Bloc fail

The Killnet hacking group has attempted several distributed denial-of-service (DDoS) attacks on former Eastern Bloc governments but has been unsuccessful. The pro-Kremlin group completely botched the attempted attacks, failing to keep its targets’ websites down. According to researchers, the threat group has targeted government agencies and companies that...

A malicious PyPI package hides code through steganography

Security researchers have recently found a new malicious package in the Python Package Index (PyPI) that hides code in images using a steganographic technique and can infect users of GitHub’s open-source projects. Based on a released advisory, the malicious package, dubbed ‘apicolor’, appeared to be one of the many in-development packages on PyPI. However,...

ShadowPad malware is backed by extensive C2 infrastructure

Cybersecurity research has revealed information about the C2 server infrastructure backing the ShadowPad malware’s attacks. This notorious malware succeeds the PlugX malware strain. According to the investigation, there are three ShadowPad strains, called Variant1, Variant2, and Variant3. The first variant was named ScatterBee, collected and examined by researchers last...

Cybercriminals deploy the RomCom RAT against Ukraine’s military

Military institutions in Ukraine have recently been targeted by a new campaign launched by the RomCom RAT operators, which uses spoofed domains hosting trojanised Advanced IP Scanner packages. First observed in July, the campaign was said to deliver the trojanised application’s packages, which also contained numerous files and malicious droppers that would...

Experts detail new capabilities brought by the Fodcha botnet

The Fodcha DDoS botnet has resurfaced on the cybercriminal landscape with new capabilities that pose a threat to all its targets. According to reports, the botnet has upgraded its communication protocol and gained a new ability to extort cryptocurrency payments from victims. Researchers spotted the Fodcha botnet for the first time last April, spreading through known Android...