iSoon Leak Shows Links to Chinese APT Groups

Chinese hacking contractor iSoon supported three separate cyberespionage operations on behalf of Beijing, said security researchers who analyzed a leaked data trove belonging to the firm.
March 25, 2024

Updated APT Playbook of North Korean Kimsuky Threat Group

The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data.

Iranian TA450 Group Tries Out New Tactics on Israelis

Iran-aligned threat actor TA450 is using fake salary, compensation and financial incentive emails to trick Israeli employees at multi-national organizations into clicking malicious links, according to researchers at security firm Proofpoint.

Chinese Government Hacker Exploiting ScreenConnect, F5 Bugs To Attack Defense and Government Entities

A hacker allegedly connected to the People's Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities, and institutions in Asia.

'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign

Meta Stealer is launched via Remote Utilities, a legitimate remote access tool, allowing threat actors to gain complete control over compromised devices and steal sensitive data.

Hackers Posing as Law Firms Phish Global Organizations

Earlier this month, cybercriminals from the "Narwhal Spider" (aka TA544, Storm-0302) group masquerading as law firms tricked multiple companies into downloading initial access malware that may precede greater attacks down the line.

Earth Krahang APT Exploits Intergovernmental Trust to Launch Cross-Government Attacks

The APT campaign targets several government entities worldwide, with a strong focus on Southeast Asia, though it has also been seen targeting Europe, America, and Africa. It exploits public-facing servers and sends spear-phishing emails to deliver backdoors.

Lazarus Group Hackers Appear to Return to Tornado Cash for Money Laundering

North Korea’s Lazarus hacking group has reportedly used the Tornado Cash mixing service to launder $23 million stolen during a November 2023 cyberattack on the HTX cryptocurrency exchange.

RedCurl Group Leverages Windows Component for Cyber Espionage

The attack chain involves phishing emails with malicious attachments, the use of curl and Program Compatibility Assistant (PCA) in Windows to deliver and execute malicious payloads, and unauthorized command execution using Impacket.

Ransomware Talent Surges to Akira After LockBit's Demise

These skilled cybercriminals, referred to as "pentesters," specialize in exploiting vulnerabilities in Cisco devices and outdated VMware ESXi virtual machines, and in tricking victims into installing remote monitoring and management software.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.