

Security Affairs
APT29 group exploited WinRAR 0day in attacks against embassies
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Infosecurity News
Threat group may be looking for intel on Azerbaijan
Bleeping Computer
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
The Hacker News
A Russian cyber espionage group linked to the FSB is using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
The two countries will work on AI security guardrails, public key infrastructure, smart city cyber, and more.
The Record
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
DarkReading
The country has signed fresh deals to boost cyber intelligence and preparedness capabilities.
The Hacker News
WhatsApp mods for Android hiding a dangerous spyware, CanesSpy! Your phone could be compromised without you knowing.
The Record
Apple has sent alerts to people in Armenia in recent weeks that their phones are being targeted by state-sponsored hackers, with several cybersecurity experts warning that it is likely tied to Pegasus spyware.
Infosecurity News
Kaspersky said that between October 5 and 31 alone, it intercepted over 340,000 attacks
The Record
Otherwise harmless mods of the WhatsApp messenger have been infected with spyware aimed at users in Saudi Arabia, Yemen and elsewhere, according to researchers at Kaspersky.
The Hacker News
YoroTrooper is a unique threat actor - likely originating from Kazakhstan. Get the latest info on tactics, techniques, tools, and targeting of this ac
SecurityWeek
The YoroTrooper espionage group likely consists of individuals from Kazakhstan, Cisco’s Talos security researchers report.
The Record
Hackers believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign, according to new research.
Latest Hacking News
Researchers have caught a new malware campaign in the wild that deploys a novel Rust-based malware to Azerbaijan targets. While not linked to a known threat actor group, the campaign still includes some false flags,
The Hacker News
Researchers warn of a new sophisticated campaign, Operation Rusty Flag, deploying Rust-based malware in Azerbaijan.
Cyber Security News
The iPhone of Galina Timchenko, the co-founder, CEO, and publisher of the Russian independent media outlet Meduza was found to have NSO Group's Pegasus spyware.
The Record
After the news that the prominent media figure Galina Timchenko was hacked with Pegasus, three other Russian-speaking journalists said they too received warnings of spyware on their phones.
The Record
The phone of a prominent Russian journalist and critic of the Kremlin was infected with Pegasus spyware, according to new research.
The Record
Several European states known to have acquired or deployed powerful foreign commercial surveillance tools have potentially used them illegally, according to a report released Friday by the Parliamentary Assembly of the Council of Europe (PACE).
Infosecurity News
ReliaQuest found that 80% of cyber intrusion campaigns used either QakBot, SocGholish or Raspberry Robin
CSO
PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software.
The Hacker News
Android Spyware 'Predator' Records Your Calls, Steals Messages, and More! Discover more about its chilling capabilities.
Bleeping Computer
A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities in Asia since 2019 for espionage.
Security Affairs
A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, which has been active since 2019. The primary motivation of the group appears to be […]
The Hacker News
A new cyber threat, GoldenJackal, is targeting government and diplomatic entities in the Middle East and South Asia.
Infosecurity News
The findings come from Kaspersky's latest APT trends report for the first quarter of 2023
CSO
Group-IB researchers have also identified a previously unknown command and control infrastructure and a PowerShell script that APT group MuddyWater is using for its cyberespionage and IP theft attacks.
The Hacker News
Iranian MuddyWater hacker group has been found using the legitimate SimpleHelp remote support software to maintain persistence on victim devices.
Security Affairs
A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. During March 2023, we obtained information and data regarding an ongoing malware operation hitting more than 8.000 targets within a few weeks, with a particular emphasis on North American, Italian, and French […]
Cyber Security News
Several threat actors have already been exploiting a newly discovered Android banking trojan, dubbed Nexus, to penetrate 450 financial applications and steal data.
The Hacker News
New Android banking trojan Nexus targets 450 financial apps & crypto services
DarkReading
The "underreported" APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness.
Security Affairs
A new APT group, dubbed YoroTrooper, has been targeting government and energy organizations across Europe, experts warn. Cisco Talos researchers uncovered a new cyber espionage group targeting CIS countries, embassies and EU health care agency since at least June 2022. The APT group focuses on government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth […]
The Hacker News
A new threat actor, YoroTrooper, has been identified by Cisco Talos as running espionage campaigns targeting government and energy organizations.
Infosecurity News
The threat actors mainly targeted organizations across Azerbaijan, Tajikistan and Kyrgyzstan
Bleeping Computer
A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries.
The Record
The Treasury announced sanctions on Russian companies, including some connected to disinformation operations with links to intelligence.
Infosecurity News
The newest version of OxtaRAT is a polyglot file combining a compiled AutoIT script and an image
The Hacker News
Cybercriminals are using a new version of OxtaRAT backdoor to target Armenian entities.
Security Affairs
Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Roaming Mantis surfaced in March 2018 when hacked routers in Japan to […]
Infosecurity News
Individuals experienced 112 internet restrictions across 32 countries throughout the year
SecurityWeek
The Godfather Android banking trojan has been observed targeting more than 400 banking and crypto applications in 16 countries.
The Hacker News
Researchers have uncovered a new campaign targeting Ukrainian government entities via trojanized Windows 10 operating system installers.
The Record
Cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova.
Security Affairs
The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign. Deep Instinct’s Threat Research team uncovered a new campaign conducted by the MuddyWater APT (aka SeedWorm, TEMP.Zagros, and Static Kitten) that was targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. The […]
The Hacker News
Iran hackers using compromised corporate email accounts to launch spear-phishing attacks on countries in the Middle East and Central and West Asia.
Infosecurity News
Ukraine looks to enhance European integration with ENISA special partner status
CSO
As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.
Trend Micro
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware.
The Hacker News
Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns
The Record
Researchers at Nisos said the Fronton botnet was primarily developed “for coordinated inauthentic behavior on a massive scale."
Security Affairs
Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. Below is the list of […]
Bleeping Computer
A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories.
Cyber Security News
UNC788 was the hacking group behind many cyber espionage activities. These hackers were responsible for tricking many people into revealing their PII about their devices and accounts. The hackers use the following TTPs (Tactics, Techniques, and Procedures)
The Hacker News
Microsoft has obtained a court order to take control of 7 domains used by the state-sponsored Russian hacker group APT28 in order to neutralize attack
The Record
Several Russian and Belarusian social media campaigns that targeted Ukrainians with espionage over the last two months have been disrupted by Meta, the company said Thursday in a new security report.
CyberNews
Authorities seized the infrastructure of the infamous marketplace, with the US Treasury sanctioning the entity.
ZDNet
Sophisticated, but potentially cheap.
Bleeping Computer
A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020.
ZDNet
Researchers with Trellix named the malware involved "Graphite" because it uses Microsoft's Graph API to leverage OneDrive as a command and control server