Daily Cybersecurity Roundup, April 17, 2024

Echoing the stealth and menace of its namesake from "Dune," the Russian Sandworm group has been using its new backdoor, Kapeka, to infiltrate Eastern European entities. Researchers noted a global increase in brute-force attacks targeting various services, such as VPN and SSH. The North Korean group Kimsuky is back in the headlines after being spotted abusing DMARC in its phishing campaigns. Here are the top 10 highlights.

01

A little-known Russian backdoor called Kapeka, potentially linked to the Sandworm group, has been used in espionage and sabotage operations in Eastern Europe since at least mid-2022, according to WithSecure.

02

Cisco warned about a global surge in brute-force attacks targeting VPN services, web application authentication interfaces, and SSH services, originating from TOR exit nodes and other anonymizing tunnels and proxies.

03

Cybercriminals are targeting T-Mobile and Verizon employees with text messages offering $300 to perform SIM swaps, which can lead to unauthorized access, identity theft, and financial losses for victims.

04

The North Korean state-aligned group TA427, aka Kimsuky, is actively abusing DMARC to conduct phishing campaigns, particularly targeting experts in U.S. and South Korean foreign policy.

05

Broadcom spotted a new strain of the Xorist ransomware, named L00KUPRU. The firm has identified multiple variants of the ransomware designed to evade detection.

06

Cybersecurity researchers discovered a sophisticated phishing attack that successfully mimics the Outlook login panel, tricking users into revealing their login credentials. The attack has evaded all antivirus detections.

07

Six distinct botnet operations, including Moobot, Miori, and Mirai variants, are actively exploiting a high-severity command injection vulnerability (CVE-2023-1389) in TP-Link Archer AX21 routers.

08

Cado found threat actors exploiting a critical vulnerability (CVE-2023-22518) in Atlassian servers to deploy a Linux variant of Cerber ransomware.

09

The Palo Alto Networks firewall vulnerability (CVE-2024-3400) is increasingly being exploited following the release of a PoC exploit. A state-sponsored group identified as UTA0218 has leveraged this vulnerability.

10

Poland's national prosecutor revealed that around 578 citizens were targeted with the Pegasus spyware between 2017 and 2022, with the highest number of infections (162) occurring in 2021.