DarkReading
TA547 Uses an LLM-Generated Dropper to Infect German Orgs
It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.
DarkReading
LockBit Ransomware Takedown Strikes Deep Into Brand's Viability
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.
Trend Micro
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption.
SecurityWeek
Moldovan Operator of Credential Marketplace Sentenced to US Prison
Sandu Diaconu has been sentenced to 42 months in prison for operating a marketplace for compromised credentials.
The Hacker News
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement
In a dramatic turn of events, LockBitSupp, a key figure in the notorious LockBit ransomware operation, is reportedly cooperating with law enforcement.
The Cyber Express
ThreeAM Ransomware Hits Again: Claims Abcor, MTM Robotics as Latest Victims
ThreeAM ransomware group has struck again, this time targeting Abcor in Australia and MTM Robotics in the United States. The
The Record
How the FBI and CISA look to mature the government’s top ransomware task force
Nearly two years after its creation, a task force meant to streamline federal efforts to combat ransomware hopes to further cement how the government handles key aspects of such attacks and do a better job trumpeting its contributions to the broader fight.
The Hacker News
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
Bumblebee, QakBot, Zloader, & PikaBot are back, sneakier than ever. Don't trust those shady emails or downloads.
SecurityWeek
Microsoft Confirms Windows Exploits Bypassing Security Features
Patch Tuesday: Microsoft pushes a massive batch of security-themed updates and calls urgent attention to exploits bypassing security features.
Bleeping Computer
Bumblebee malware attacks are back after 4-month break
The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns.
SecurityWeek
JFK Airport Taxi Hackers Sentenced to Prison
Two individuals involved in hacking the taxi dispatch system at JFK airport have been sentenced to prison.
The Cyber Express
Garon Products Inc. Falls Victim to ThreeAM Ransomware Attack
Garon Products Inc. finds itself ensnared in the web of cybercrime as it becomes the latest target of the ThreeAM
SecurityWeek
US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks
The US government slaps sanctions against six Iranian government officials linked to cyberattacks against Israeli PLC vendor Unitronics.
SecurityWeek
DraftKings Hacker Sentenced to 18 Months in Prison
Joseph Garrison has received an 18-month prison sentence for accessing 60,000 DraftKings user accounts using credential stuffing.
SecurityWeek
Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping
Daniel James Junk sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping.
Infosecurity News
US Sanctions Egyptian IT Experts Aiding ISIS in Cybersecurity
The US said the two Egyptian nationals provided cybersecurity training and support to ISIS leadership and supporters, as well as helping enable the group to use cryptocurrency
SecurityWeek
Canadian Man Sentenced to Prison for Ransomware Attacks
Matthew Philbert was sentenced to two years for launching cyberattacks on Canadian businesses and government entities.
The Hacker News
Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang
Faust, the untargeted ransomware variant, highlights the need for comprehensive protection.
Security Affairs
Security Affairs newsletter Round 456 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
The Week in Ransomware - January 26th 2024 - Govts strike back
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.
Security Affairs
A TrickBot malware developer sentenced to 64 months in prison
The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation.
Infosecurity News
Ukraine Arrests Hacker for Assisting Russian Missile Strikes
Ukraine’s security services said that the hacker targeted government websites and provided intelligence to Russia to carry out missile strikes
SecurityWeek
Russian TrickBot Malware Developer Sentenced to Prison in US
Vladimir Dunaev sentenced to 5 years in prison after admitting to participating in the development and distribution of the TrickBot malware.
The Hacker News
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree
Russian national Vladimir Dunaev sentenced to 5 years and 4 months for TrickBot malware involvement.
DataBreaches
Russian TrickBot malware dev sentenced to 64 months in prison
Following up on the case of Vladimir Dunaev, a Russian national who was extradited to the U.S. from Korea in 2021 and pleaded guilty in December 2023 for his...
Bleeping Computer
Russian TrickBot malware dev sentenced to 64 months in prison
Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.
The Record
Russian developer of Trickbot malware sentenced to five years in prison
A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.
The Record
Kansas State, Clackamas Community College respond to cyberattacks
Kansas State University and a large community college near Portland, Oregon, each spent this week overcoming IT problems linked to cyberattacks.
Cyber Security News
ThreeAM Ransomware Attacking Small & Medium Companies
Security analysts at Intrinsic recently discovered ThreeAM (aka 3 AM, ThreeAMtime) ransomware which has been actively attacking small and medium companies.
SecurityWeek
US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels
US charges Russian cybercriminals, including man allegedly involved in hacking of Neiman Marcus and Michaels Stores in 2013.
The Hacker News
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft takes action against malware threat: disables ms-appinstaller protocol handler by default.
Ars Technica
How Microsoft’s cybercrime unit has evolved to combat increased threats
Microsoft has honed its strategy to disrupt global cybercrime and state-backed actors.
SecurityWeek
Russian APT Used Zero-Click Outlook Exploit Against Targets in 11 NATO Countries
Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.
The Cyber Express
TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around
A particularly nefarious Banking Trojan, TrickBot, has reemerged, this time with an Android variant named "TrickMo" - a reference to
SecurityWeek
Russian Pleads Guilty to Role in Developing TrickBot Malware
Vladimir Dunaev pleads guilty to his involvement in the development and deployment of the notorious TrickBot malware.
Infosecurity News
Russian Programmer Pleads Guilty to Trickbot Conspiracy
40-year-old was extradited from South Korea
The Hacker News
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft Warns of New CACTUS Ransomware Threat. Malvertising used to deploy DanaBot as initial access. Learn more about this evolving cyber threat.
DataBreaches
Russian National Pleads Guilty to Trickbot Malware Conspiracy
In October 2021, Russian national Vladimir Dunaev, was extradited to the U.S. from Korea. On November 30, he pleaded guilty. From the Department of Justice...
The Hacker News
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Russian national Vladimir Dunaev found guilty for developing TrickBot malware, facing up to 35 years in prison.
Bleeping Computer
TrickBot malware dev pleads guilty, faces 35 years in prison
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide.
The Record
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence
According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers.
The Record
Ukraine appoints new cyber chief following ouster of top officials
The Ukrainian government has appointed Yury Myronenko, a decorated serviceman and air defense commander, as head of one of its main cybersecurity agencies amid a corruption probe.
The Record
US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch
The U.S. partnered with several nations in the Pacific to hand down sanctions on North Korea — particularly the country’s Kimsuky cyber espionage group — after the country launched a surveillance satellite last week.
SecurityWeek
US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers
US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus.
Security Affairs
International police operation dismantled prominent Ukraine-based Ransomware group
An international law enforcement operation dismantled the core of a ransomware group operating from Ukraine.
PCMag
Police Bust Ransomware Gang in Ukraine for Attacking 1,800 Victims
The gang allegedly attacked targets, including large corporations, in 71 countries.
SecurityWeek
Police Dismantle Major Ukrainian Ransomware Operation
Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.
The Hacker News
Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
A coordinated effort led to the arrest of key figures in Ukraine linked to various ransomware attacks, involving LockerGoga, MegaCortex, and Dharma.
Infosecurity News
Ukraine Police Dismantle Major Ransomware Group
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma
Bleeping Computer
Police dismantle ransomware group behind attacks in 71 countries
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
The Record
High-profile ransomware gang suspects arrested in Ukraine
The international operation, centered on Kyiv, essentially neutralized a group known for deploying variants of LockerGoga, MegaCortex, Hive and Dharma ransomware, authorities said.
The Record
Moldovan accused of running cybercrime marketplace to face charges in US
A Moldovan national has been extradited from the United Kingdom to face charges related to allegedly running an online marketplace selling access to compromised computers.
DarkReading
Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.
CSO
ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year
Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations
Cyber Security News
ShadowSyndicate: A New Raas Provider Launching Multiple Ransomware Attacks
A new Ransomware-as-a-service (RaaS) provider has been discovered by researchers, which notably uses multiple ransomware families and is found to have links with several ransomware attacks since July 2022.
The Hacker News
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cyber experts uncover a new threat: ShadowSyndicate. Explore their connections to ransomware and the latest findings from cybersecurity experts.
Bleeping Computer
ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year.
The Hacker News
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft sounds the alarm on Storm-0324's tactics, luring its prey through Teams messages to breach corporate networks.
DataBreaches
Conti member indicted for role in 2021 Scripps Health ransomware attack
On September 7, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, sanctioned 11...
Bleeping Computer
The Week in Ransomware - September 8th 2023 - Conti Indictments
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members.
The Hacker News
U.K. and U.S. Sanction 11 Russia-based Trickbot Cybercrime Gang Members
U.S. and U.K. governments have jointly imposed sanctions on 11 individuals connected to the Russia-based TrickBot cybercrime group.
DarkReading
Trickbot, Conti Sanctions Affect Top Cybercrime Brass
US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.
SecurityWeek
US, UK Sanction More Members of Trickbot Russian Cybercrime Group
The US and UK have announced sanctions against 11 more alleged members of the Russian cybercrime group Trickbot.
Trend Micro
TrickBot & Conti Sanctions for CISOs & Board Members
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.
DataBreaches
United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang
WASHINGTON — Today, the United States, in coordination with the United Kingdom, sanctioned eleven individuals who are part of the Russia-based Trickbot...
Infosecurity News
UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware
These new sanctions follow a first wave in February 2023, where seven Russians involved with Trickbot and Conti were also sanctioned
Bleeping Computer
US and UK sanction 11 TrickBot and Conti cybercrime gang members
The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations.
The Record
UK and US sanction 11 Russians connected to notorious Trickbot group
Eleven Russian nationals alleged to have been part of the criminal group operating the Trickbot malware and Conti ransomware schemes were sanctioned by authorities in the United States and United Kingdom.
The Record
DOJ unseals indictments against alleged Trickbot and Conti cybercriminals
The indictments are the latest example of a more aggressive U.S. law enforcement strategy to battling cybercrime.
DarkReading
Sprawling Qakbot Malware Takedown Spans 700,000 Infected Machines
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind.
Infosecurity News
Ransomware Attacks Skyrocket in Q2 2023
SonicWall’s report finds that ransomware rebounded in Q2 2023 following a major reduction in Q1
DarkReading
Patch Now: Up to 900K MikroTik Routers Vulnerable to Total Takeover
Researchers have delivered working exploits for RouterOS, which when combined with default admin passwords can be a recipe for cyber disaster.
The Hacker News
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
BlackCat ransomware now spreading via malvertising! Watch out for rogue installers disguised as legitimate apps like WinSCP.
The Hacker News
Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
New JavaScript Dropper PindOS delivers dangerous payloads like Bumblebee and IcedID, acting as loaders for ransomware and other malware.
Cyber Security News
Ransomware Attack Prevention Checklist - 2023
Implementing a ransomware attack prevention plan can provide businesses with the necessary tools to protect your organisation.
The Hacker News
AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks
AceCryptor: the crypter malware that packs a punch! Since 2016, it's been hiding numerous strains of malware under its cloak
Cyber Security News
What is Malware Attack? Types, Methods, Distribution, Protection - Guide
A malware attack is a cyber-attack using malicious software to gain unauthorized access to a computer system or network.
Cyber Security News
Researchers Uncovered C2 Infrastructure Used by Baking Malware Ursnif
Bridewell's Cyber Threat Intelligence (CTI) team has discovered previously undetected Ursnif infrastructure used in 2023 campaigns, suggesting that the malware operators have not yet utilized this highly elusive infrastructure.
DataBreaches
Ex-Conti members and FIN7 devs team up to push new Domino malware
Lawrence Abrams reports: Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named ‘Domino’...
Security Affairs
The intricate relationships between the FIN7 group and members of the Conti ransomware gang
A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang. IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14). FIN7 is a Russian criminal group (aka Carbanak) that has […]
Bleeping Computer
Ex-Conti members and FIN7 devs team up to push new Domino malware
Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks.
The Hacker News
FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks
Cybercriminal syndicates FIN7 and ex-Conti members have teamed up to launch Domino malware attacks.
Security Affairs
Emotet is back after a three-month hiatus
The infamous Emotet malware is back after a short hiatus, threat actors are spreading it via Microsoft OneNote email attachments. The Emotet malware returns after a three-month hiatus and threat actors are distributing it via Microsoft OneNote email attachments to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked […]
The Hacker News
Emotet Rises Again: Evades Macro Security via OneNote Attachments
Emotet is back, now hiding in Microsoft OneNote email attachments to bypass macro-based security restrictions and compromise systems.
Bleeping Computer
Conti-based ransomware ‘MeowCorp’ gets free decryptor
A decryption tool for a modified version of the Conti ransomware could help hundreds of victims recover their files for free.
The Hacker News
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection
Threat actors from Chinese and Russian cybercriminal ecosystems have been observed using a new malware designed to load Cobalt Strike.
CSO
DNS data shows one in 10 organizations have malware traffic on their networks
Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.
Ars Technica
Botnet that knows your name and quotes your email is back with new tricks
Quoting Herman Melville is only one of Emotet's latest innovations.
DarkReading
Emotet Resurfaces Yet Again After 3-Month Hiatus
More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts.
The DFIR Report
2022 Year in Review - The DFIR Report
As we move into the new year, it’s important to reflect on some of the key changes and developments we observed and reported on in 2022. This year’s year-in-review report … Read More
DarkReading
Mobile Banking Trojans Surge, Doubling in Volume
Mobile malware developers were busy bees in 2022, flooding the cybercrime landscape with twice the number of banking trojans than the year before.
Infosecurity News
Russian IT “Brain Drain” Decentralizes Cybercrime
Recorded Future claims war in Ukraine is having a major impact
CSO
5 top threats from 2022 most likely to strike in 2023
Study and prepare for these five threats and you will be well on your way to protecting your network, assets, and employees.
CSO
5 top threats from 2022 most likely to strike in 2023
Study and prepare for these five threats and you will be well on your way to protecting your network, assets, and employees.
The Hacker News
Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine
Russia's cyber attacks against Ukraine surged by 250% in 2022, according to a report by Google's Threat Analysis Group and Mandiant.
The Record
Expect more sanctions and hacking operations on ransomware groups, top Justice official says
Deputy Attorney General Lisa Monaco said the feds will continue to use sanctions and hacking operations as tools against ransomware groups.
Security Affairs
Security Affairs newsletter Round 406 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw CISA adds Fortra […]
Bleeping Computer
The Week in Ransomware - February 10th 2023 - Clop's Back
From ongoing attacks targeting ESXi servers to sanctions on Conti/TrickBot members, it has been quite a busy week regarding ransomware.
Cyber Security News
U.S & U.K Sanctioned Seven Russian Individuals Who Are Part of Trickbot Gang
Seven members of the Trickbot cybercrime gang, which has its base in Russia, have been designated by the US and UK.
The Hacker News
U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks
Seven Russian nationals have been sanctioned by the governments of the United Kingdom and the United States for their involvement in the TrickBot.
Loading more articles....