Iran Dupes US Military Contractors, Gov't Agencies in Cyber Campaign

An Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys, hosted on Content Delivery Network (CDN) cache domains since at least February 2024.

Microsoft Warns of North Korean Hackers Turning to AI-Fueled Cyber Espionage

Microsoft specifically highlighted a group named Emerald Sleet (aka Kimsuky or TA427), which has been observed using LLMs to bolster spear-phishing efforts aimed at Korean Peninsula experts.

Rising Ransomware Issue: English-Speaking Western Affiliates

Security experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself "The Community," aka the Com or Comm.

FIN7 Targets American Automaker’s IT Staff in Phishing Attacks

The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails aimed at employees in the IT department, to infect systems with the Anunak backdoor.

Russian Sandworm Hackers Pose as Hacktivists in Water Utility Breaches

In a report today, Mandiant says that Sandworm relied on three main hacktivist-branded Telegram channels named XakNet Team, CyberArmyofRussia_Reborn, and Solntsepek, all operating in parallel and independently of one another.

LockBit Knockoffs and Imposters Proliferate After LockBit 3.0 Builder Leak

Since September 2022, anyone has been able to use the LockBit version 3.0 (aka Black) builder thanks to a key developer leaking it after he fell out with group leader LockBitSupp.

Russian Sandworm Group Using Novel Backdoor to Target Eastern and Central Europe

The previously unreported backdoor, dubbed ‘Kapeka’, has a high level of stealth and sophistication, designed to both serve as an early-stage toolkit for its operators, and also to provide long-term access to the victim estate.

BreachForums Down, But Not Out: Hackers Claim Attack, Admins Remain Unfazed

The domain of the notorious BreachForums data leak and hacking forum has been taken down by rival threat actors. The threat actor group, R00TK1T, along with the Cyber Army of Russia, announced a breach of user data following the takedown.

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

To craftily pose as its chosen personas, TA427 uses a few tactics including DMARC abuse in concert with free email addresses, typosquatting, and private email account spoofing.
