cyber espionage

Russian hackers deliver malicious RDP configuration files to thousands

Amazon, APT, Australia, cyber espionage, Don't miss, Europe, Government, Hot stuff, Japan, Microsoft, News, RDP, Russian Federation, spear-phishing, UK /

Russian hackers deliver malicious RDP configuration files to thousands 2024-10-30 at 12:49 By Zeljka Zorz Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based […]

Russian hackers deliver malicious RDP configuration files to thousands Read More »

GoldenJackal APT group breaches air-gapped systems in Europe

APT, cyber espionage, cybercrime, cybersecurity, ESET, EU, News /

GoldenJackal APT group breaches air-gapped systems in Europe 2024-10-09 at 07:01 By Help Net Security ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage

GoldenJackal APT group breaches air-gapped systems in Europe Read More »

Exposed: Russian military Unit 29155 does digital sabotage, espionage

CISA, cyber espionage, cyber sabotage, cyber war, cybercriminals, disruption, Don't miss, hacker, Hot stuff, Justice Department, NATO, News, Russian Federation, Ukraine, USA /

Exposed: Russian military Unit 29155 does digital sabotage, espionage 2024-09-06 at 17:01 By Zeljka Zorz The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff Main Intelligence Directorate (GRU) – which they deem resposible for the 2022

Exposed: Russian military Unit 29155 does digital sabotage, espionage Read More »

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates

CISA, cyber espionage, Don't miss, FBI, Iran, News, Ransomware /

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates 2024-08-28 at 19:46 By Zeljka Zorz A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial access provider (and partner in crime) for affiliates of several ransomware groups. “The FBI assesses these actors

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

Chinese attackers leverage previously unseen malware for espionage

China, cyber espionage, cybercrime, cybersecurity, Malware, News, report, Sophos, survey /

Chinese attackers leverage previously unseen malware for espionage 2024-06-06 at 05:46 By Help Net Security Sophos released its report, “Operation Crimson Palace: Threat Hunting Unveils Multiple Clusters of Chinese State-Sponsored Activity Targeting Southeast Asia,” which details a highly sophisticated, nearly two-year long espionage campaign against a high-level government target. During Sophos X-Ops’ investigation, which began

Chinese attackers leverage previously unseen malware for espionage Read More »

Moonstone Sleet: A new North Korean threat actor

cyber espionage, data theft, Don't miss, Hot stuff, Microsoft, News, North Korea, Ransomware /

Moonstone Sleet: A new North Korean threat actor 2024-05-29 at 15:46 By Zeljka Zorz Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. “Moonstone Sleet uses tactics, techniques, and procedures (TTPs) also used by other North Korean

Moonstone Sleet: A new North Korean threat actor Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows /

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

State-sponsored hackers know enterprise VPN appliances inside out Read More »

Cyber threats cast shadow over 2024 elections

cyber espionage, cybercrime, cybersecurity, election security, News, report, survey, Tidal Cyber /

Cyber threats cast shadow over 2024 elections 2024-02-16 at 06:01 By Help Net Security Considering that 2024 is a historic year for elections – with an estimated half of the world’s population taking part in democratic votes – this high threat of cyber interference has significant implications for global free society, threatening to undermine confidence

Cyber threats cast shadow over 2024 elections Read More »

Global malicious activity targeting elections is skyrocketing

cyber espionage, cybercrime, cybersecurity, election security, News, Resecurity /

Global malicious activity targeting elections is skyrocketing 2024-02-13 at 13:46 By Help Net Security With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time Magazine

Global malicious activity targeting elections is skyrocketing Read More »

Russian hackers breached Microsoft, HPE corporate maliboxes

APT, cyber espionage, data breach, Don't miss, Hot stuff, HPE, Microsoft, News /

Russian hackers breached Microsoft, HPE corporate maliboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed

Russian hackers breached Microsoft, HPE corporate maliboxes Read More »

Blackwood APT delivers malware by hijacking legitimate software update requests

backdoor, China, cyber espionage, Don't miss, ESET, hijacking, Japan, Malware, MITM, News, UK /

Blackwood APT delivers malware by hijacking legitimate software update requests 2024-01-25 at 13:32 By Help Net Security ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. Blackwood has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. It leverages

Blackwood APT delivers malware by hijacking legitimate software update requests Read More »

OilRig targets Israel organizations with new lightweight downloaders

cyber espionage, cybercrime, cybersecurity, ESET, Israel, News /

OilRig targets Israel organizations with new lightweight downloaders 15/12/2023 at 14:55 By Help Net Security ESET researchers analyzed a growing series of new OilRig downloaders that the group used in several campaigns throughout 2022 to maintain access to target organizations of special interest, all located in Israel. They include an organization in the healthcare sector,

OilRig targets Israel organizations with new lightweight downloaders Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

Russian hackers target unpatched JetBrains TeamCity servers Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability /

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm

APT, backdoor, cyber espionage, ESET, News, spear-phishing /

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm 02/10/2023 at 11:48 By Help Net Security Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta — the company behind Facebook, Instagram,

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm Read More »

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet

attacks, critical infrastructure, cyber espionage, cyber resilience, cybersecurity, ENISA, EU, law, News, regulation, report /

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet 21/09/2023 at 06:32 By Help Net Security More than 97% of the world’s internet traffic passes through subsea cables at some point, according to ENISA. Subsea cables are a vital component of the global internet infrastructure, and it is critical to protect them

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet Read More »

How Chinese hackers got their hands on Microsoft’s token signing key

cloud security, cyber espionage, data theft, Don't miss, enterprise, Europe, Government, Hot stuff, Microsoft, Microsoft 365, News, USA, Wiz /

How Chinese hackers got their hands on Microsoft’s token signing key 07/09/2023 at 17:00 By Zeljka Zorz The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere

How Chinese hackers got their hands on Microsoft’s token signing key Read More »

Scroll to Top