The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.

In a report today, Mandiant says that Sandworm relied on three main hacktivist-branded Telegram channels named XakNet Team, CyberArmyofRussia_Reborn, and Solntsepek, all operating in parallel and independently of one another.

Since September 2022, anyone has been able to use the LockBit version 3.0 - aka Black - builder thanks to a key developer leaking it after he fell out with group leader LockBitSupp.

The previously unreported backdoor, dubbed ‘Kapeka’, has a high level of stealth and sophistication, designed to both serve as an early-stage toolkit for its operators, and also to provide long-term access to the victim estate.

The domain of the notorious BreachForums data leak and hacking forum has been taken down by rival threat actors. The threat actor group, R00TK1T, along with the Cyber Army of Russia, announced a breach of user data following the takedown.

To craftily pose as its chosen personas, TA427 uses a few tactics including DMARC abuse in concert with free email addresses, typosquatting, and private email account spoofing.

The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data.

The first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple's macOS.

The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go.

One of the key findings from the technical write-up, published by Sysdig today, is the group’s use of a script capable of simultaneously deploying multiple cryptocurrency miners.