Tenable

MARCH 3, 2023

FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group The FBI and CISA have released a joint Cybersecurity Advisory discussing the Royal ransomware group. The advisory details the tactics, techniques and procedures associated with the group and indicators of compromise associated with infection.

Groups 96

Groups Systems Review Technical Review Software Review 96

Ooda Loop

MAY 24, 2024

The hacking group has remained under the radar since 2018 using new and improved tools, tactics, and techniques (TTPs). A Chinese threat actor, Unfading Sea Haze, has been targeting military and government entities in South China Sea countries for at least six years, Bitdefender reports. The threat actor has been […]

Groups 59

Groups Government Report Tools 59

Symantec

APRIL 20, 2022

Russia-linked group is continually refining its malware and often deploying multiple payloads to maximize chances of maintaining a persistent presence on targeted networks.

Groups 98

Groups Malware Network 98

Ooda Loop

DECEMBER 12, 2023

Cisco researchers recently observed the North Korea-linked Lazarus hacking group deploy three Dlang malware families against various targets in the manufacturing, agriculture, and physical security sectors.

Malware 45

Malware Programming Development Research 45

Tenable

MAY 18, 2023

and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group The FBI, ACSC and CISA have released a joint cybersecurity advisory discussing the BianLian ransomware group. The group claims to have stolen ~4,200 student records containing phone numbers, email addresses, and social security numbers.

Groups 98

Groups Systems Review Malware Technical Review 98

Ooda Loop

FEBRUARY 15, 2024

Microsoft’s threat intelligence team recently partnered with OpenAI to produce a report on threat actors using LLMs to streamline vulnerability research, targeting, and malware development.

Malware 45

Malware Research ChatGPT Groups 45

Tenable

AUGUST 4, 2022

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021. International cybersecurity agencies issue a joint alert outlining the top malware strains of 2021. While malware is used for a variety of purposes, the government agencies point out that ransomware is a primary use case. Background. Description.

Malware 74

Malware Windows SMB Groups 74

Ooda Loop

APRIL 23, 2024

According to a Microsoft report, Russian-linked cybercrime group APT28 has been exploiting Windows Print Spooler vulnerabilities to deploy an exploitation tool against organizations across Western Europe, in Ukraine, and in the US.

Malware 59

Malware Organization Government Windows 59

Tenable

JANUARY 27, 2023

Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy.

Policies 52

Policies Groups Malware Windows 52

Ooda Loop

FEBRUARY 15, 2024

Group-IB, a cybersecurity company based in Singapore, recently attributed the development of sophisticated banking trojans to Chinese-speaking cyber crime group GoldFactory. The threat group has previously […] The threat group has previously […]

Banking 64

Banking Malware Mobile Groups 64

TechCrunch

JULY 20, 2022

Meanwhile, Carly writes that Google Drive is in the spotlight after it was found that Russian hackers are using the software to hide malware. One story touches on the company’s not-so-good news about losing subscribers , and the other two stories provide an update on its ad-supported tier and an acquisition of Animal Logic.

Groups 223

Groups Technical Review Report Malware 223

Symantec

FEBRUARY 22, 2023

No custom malware deployed in attack campaign that appears to rely exclusively on open-source tools.

Groups 98

Groups Malware Organization Open Source 98

Symantec

OCTOBER 10, 2018

A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign.

Groups 110

Groups Malware Government 110

Tenable

JULY 20, 2022

Having gained the industry’s attention in the first months of 2022, the LAPSUS$ extortion group has largely gone quiet. What can we learn from this extortion group’s story and tactics? In early 2022, the LAPSUS$ group broke onto the scene with flashy and disruptive attacks. Who is the LAPSUS$ group?

Groups 67

Groups Authentication Malware Report 67

Symantec

FEBRUARY 8, 2023

Russia-linked Nodaria group has deployed a new threat designed to steal a wide range of information from infected computers.

Malware 98

Malware Groups 98

Tenable

APRIL 25, 2024

Who is the group behind ArcaneDoor? The group has been labeled UAT4356 by Cisco and STORM-1849 by Microsoft. Cisco attributes this activity with “high confidence” to a state-sponsored actor, though it is unconfirmed which state the group is associated with. Is any malware associated with ArcaneDoor?

Malware 69

Malware Analysis Groups Testing 69

CTOvision

DECEMBER 12, 2018

A cyber espionage group is deploying a new type of trojan malware against telecommunications, information technology, and government organisations.

Malware 73

Malware Telecommunications Government Groups 73

Ooda Loop

APRIL 18, 2024

Mandiant published a new report summarizing the latest activities of Russia’s Sandworm group, also known as APT44. Sandworm is one of the most notorious Russian threat actor groups, conducting espionage, disruption, and disinformation campaigns. Recently, […]

Malware 59

Malware Groups Report 59

Darktrace

NOVEMBER 18, 2020

As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what’s around the corner for OT cyber-attacks.

Groups 101

Groups Malware Infrastructure 101

CIO

MARCH 13, 2023

By Ram Velaga, Senior Vice President and General Manager, Core Switching Group This article is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. It’s also been flagged as a risk: cybersecurity companies have identified bad actors using ChatGPT to create malware. But how good can it be?

Artificial Inteligence 360

Artificial Inteligence Technical Review Artificial Intelligence ChatGPT 360

Ooda Loop

APRIL 11, 2024

‘EXotic Visit’, an Android malware campaign has been targeting users located in South Asia from the Google Play Store. No known threat actor group is linked to the campaign. The cybersecurity firm Slovak has been tracking the campaign since November 2021 using the moniker Virtual Invaders. EXotic Visit is also […]

Spyware 59

Spyware Malware Virtualization Groups 59

Tenable

APRIL 12, 2024

1 - CISA to federal agencies: Act now to mitigate threat from Midnight Blizzard’s Microsoft email hack Midnight Blizzard, a nation-state hacking group affiliated with the Russian government, stole email messages exchanged between several unnamed U.S. military have had access to Malware Next-Generation Analysis since November.

Generative AI 116

Generative AI Malware Trends Government 116

Ooda Loop

MARCH 22, 2024

Security researchers at Mandiant have raised concerns after discovering that Russia’s APT29 hacking group, linked to the country’s foreign intelligence service (SVR), has begun targeting political parties in Germany. The attack involves multi-stage malware, including phishing […]

Malware 59

Malware Research Groups 59

CIO

MAY 15, 2024

A model trained on, say, an archive of flat earth conspiracy theories will be bad at answering science questions, or a model fine-tuned by North Korean hackers might be bad at correctly identifying malware. They’re also full of inaccurate and biased information, malware, and other materials that can degrade the quality of output.

Open Source 340

Open Source Weak Development Team Artificial Inteligence Training 340

Tenable

MARCH 1, 2024

Plus, the latest guidance on cyberattack groups APT29 and ALPHV Blackcat. And the most prevalent malware in Q4. government is alerting healthcare companies in particular about the threat from the ALPHV Blackcat ransomware-as-a-service (RaaS) group, which this week claimed responsibility for an attack against Change Healthcare.

Artificial Inteligence 73

Artificial Inteligence Malware Generative AI Government 73

SecureWorks

SEPTEMBER 8, 2022

Type: Blogs BRONZE PRESIDENT Targets Government Officials The likely Chinese government-sponsored threat group uses decoy documents and PlugX malware to compromise targets. The likely Chinese government-sponsored threat group uses decoy documents and PlugX malware to compromise targets.

Government 87

Government Malware Groups Research 87

Tenable

AUGUST 25, 2023

That’s according to the study “The State of Cybersecurity Today” from Information Services Group (ISG), for which 204 executives from the world’s 2,000 largest companies were polled. Among respondents, 24% were C-level executives, such as CISOs and CIOs. on average in 2023 compared with 2022. “We

Malware 98

Malware Artificial Inteligence Open Source Artificial Intelligence 98

Symantec

SEPTEMBER 9, 2021

Group has heavy focus on telecoms sector. Recent campaigns involved exploits against Exchange and MySQL servers.

Malware 98

Malware Groups 98

The Parallax

FEBRUARY 18, 2020

SAN FRANCISCO—The greatest trick stalkerware, one of the most dangerous forms of malware , ever played was convincing the world that it didn’t exist. Until recently, cybersecurity experts could overlook stalkerware because of the personal nature of how it spreads, its muddled legal status—and how it is detected.

Spyware 230

Spyware Malware Conference Groups 230

AlienVault

DECEMBER 17, 2018

In part 1 of this blog series, we analyzed malware behaviour, and, in part 2 , we learned how to detect persistence tricks used in malware attacks. We can add a group condition with an OR operator inside to match the case. Still, there are more types of events that we can observe with Osquery when malicious activity happens.

Malware 40

Malware Analysis Systems Review Software Review 40

Palo Alto Networks

DECEMBER 29, 2022

23, a new variant of wiper malware, named HermeticWiper, was discovered in Ukraine. Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. The Gamaredon group (aka Trident Ursa, Primitive Bear) is one of the most active, advanced and persistent threats (APT) targeting Ukraine. Top Malware.

Malware 70

Malware Linux Telecommunications Government 70

Darktrace

NOVEMBER 17, 2020

As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what’s around the corner for OT cyber-attacks.

Groups 59

Groups Malware Infrastructure 59

Lacework

JUNE 7, 2022

As of this writing we have observed active exploitation by known Cloud threat malware families such as Kinsing, “Hezb”, and the Dark.IoT botnet. One interesting development was the use of a new malware host – 195.2.79.26 Several malware components were observed, the first of which was an XMRig miner installed as “Hezb”.

Malware 144

Malware Infrastructure IoT Azure 144

The Parallax

JANUARY 22, 2018

Its success was predicated not on “zero-day” vulnerabilities or new forms of malicious software, but rather on older, known malware delivered via an all-too-familiar method: phishing. The malware included hacked versions of end-to-end encrypted communication apps Signal and WhatsApp.

Malware 170

Malware Spyware Mobile Government 170

CIO

SEPTEMBER 29, 2022

As a result, the potential for malware to become resident on home computers is increasing.”. We regularly educate our employees about the potential of malware through scam emails, often alerting staff to current market scams as well as regular phishing exercises. In addition, most home computers are used by various family members.

Malware 284

Malware Exercises Hotels Education 284

Tenable

FEBRUARY 9, 2024

On February 7, researchers at Fortinet published a blog post highlighting the exploitation of CVE-2022-42475 and CVE-2023-27997 by Chinese threat groups including Volt Typhoon , APT15 (also known as Ke3chang) and APT31 (also known as ZIRCONIUM) as well as UNC757 ( also known as Fox Kitten), which has a “suspected nexus to the Iranian government.”

Malware 121

Malware Authentication Infrastructure Analysis 121

Lacework

FEBRUARY 7, 2024

Once the scanning process uncovers possible targets, the next phase is exploitation, where the threat actors deploy various forms of malware. Malware (e.g., In another, Obsidian discovered that the 0mega ransomware group carried out data extortion by gaining access to the admin account of a victim’s SharePoint account.

Weak Development Team 111

Weak Development Team Malware Cloud Internet 111