Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research.

RevengeRAT and AsyncRAT target aerospace and travel sectors

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails.

Darkside Hacking Group Linked to Colonial Pipeline Attack Says it is Closing Down

DarkSide has told associates it has lost access to the infrastructure it uses to run its operation and would be shutting down, citing pressure from law enforcement and from the U.S., FireEye said.

Magecart Hackers Now Hide PHP-Based Backdoor in Website Favicons

Magecart groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms.

Popular Russian hacking forum XSS bans all ransomware topics

Ransomware-as-a-Service (RaaS) gangs, such as REvil, LockBit, DarkSide, Netwalker, Nefilim, have increasingly been using the forum to enlist new affiliates/partners to their operation.

Transparent Tribe APT Expands its Windows Malware Arsenal with ObliqueRAT

Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations.

Ransomware Attackers Now Using Triple Extortion Tactics Against Victims’ Customers, Partners, and Other Third-Parties

In this tactic, the criminals send ransom demands not only to the attacked organization but to any customers, users, or other third parties that would be hurt by the leaked data.

Beyond Lazarus: North Korean cyber-threat groups become top-tier, ‘reckless’ adversaries

Over recent years, North Korea has evolved from a nuisance to its neighbor South Korea and purveyor of ransomware and DDoS attacks to become the scourge of banks and cryptocurrency exchanges.

SVR Cyber Operators are Taking Intelligence Advisories Seriously

The U.S. security agencies have issued advisories against highly dangerous cyber threats from Russian Foreign Intelligence Service (SVR) operators (APT29, Cozy Bear, and Dukes), and the threat actors are adapting accordingly.

Ghostwriter: A Russia-Linked Influence Campaign

In July 2020, a cyber-enabled influence campaign, dubbed Ghostwriter, was spotted. It mainly targeted Poland, Lithuania, and Latvia. However, based on some developments reported by researchers, the campaign has been attributed to an uncategorized threat actor.
