Threat Actor

The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government

2024-09-04 at 17:01 By Cyble

Cyble Research and Intelligence Lab (CRIL) has recently discovered a campaign involving malicious ISO files, targeting political figures and government officials within Malaysia. The initial infection vector for this campaign is unclear. The ISO file is crafted with […]

FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group

2024-09-04 at 16:46 By Cyble

The Citrine Sleet threat actor group was observed by Microsoft researchers exploiting the CVE-2024-7971 zero-day vulnerability in the V8 JavaScript and WebAssembly engine, which affects versions of Chromium prior to 128.0.6613.84. By exploiting this vulnerability, the

TA-FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group

2024-09-04 at 11:16 By Cyble

The Citrine Sleet threat actor group was observed by Microsoft researchers exploiting the CVE-2024-7971 zero-day vulnerability in the V8 JavaScript and WebAssembly engine, which affects versions of Chromium prior to 128.0.6613.84. By exploiting this vulnerability, the

New Cheana Stealer Targets VPN Users Across Multiple Operating Systems

2024-08-22 at 19:46 By Cyble

Threat actors (TAs) predominantly rely on phishing websites as a method to distribute malware. A key tactic involves impersonating well-known brands, especially those associated with essential or security-related applications, to enhance the credibility of their campaigns. They

Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files to Target 110,000 Domains

2024-08-20 at 19:33 By Cyble

An extortion campaign targeted more than 100,000 domains by using misconfigured AWS environment variable files (.env files) to ransom data stored in S3 containers. The sophisticated campaign employed automation techniques and extensive knowledge of

Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation

2024-07-20 at 19:46 By dakshsharma16

On July 19th, 2024, CrowdStrike, a leading cybersecurity provider of advanced end-point security detection and protection solutions, released a sensor configuration update to Windows systems. This update contained a logic error that resulted in system crashes and Blue

Threat Actor profile: SideCopy 

2024-04-29 at 16:01 By rohansinhacyblecom

Since early 2019, Operation SideCopy has remained active, exclusively targeting Indian defense forces and armed forces personnel. The malware modules associated with this Threat Actor are continually evolving, with updated versions released following reconnaissance of victim data. Threat Actors behind Operation SideCopy closely monitor malware detections

Threat Actor Profile: TransparentTribe

2024-04-19 at 07:46 By neetha871ad236bd

TransparentTribe primarily targets Indian government organizations, military personnel, and defense contractors. Its objective is usually to gather sensitive information, conduct cyber espionage, and compromise the security of its targets. TransparentTribe is known to have exploited various platforms, including Windows and Android, in their endeavours. The threat

New Enchant Android Malware Targeting Chinese Cryptocurrency Users

23/10/2023 at 14:01 By cybleinc

Cyble Research and Intelligence Labs analyzes a new Android malware “Enchant” targeting cryptocurrency users in China. The post New Enchant Android Malware Targeting Chinese Cryptocurrency Users appeared first on Cyble. This article is an excerpt from Cyble.

Exela Stealer Spotted Targeting Social Media Giants

26/09/2023 at 16:31 By cybleinc

Cyble Research and Intelligence Labs analyzes the latest version of Exela Stealer, observed targeting social media and gaming platforms. The post Exela Stealer Spotted Targeting Social Media Giants appeared first on Cyble. This article is an excerpt from Cyble.

Low-profile Threat Actor observed imitating NoEscape Ransomware

14/09/2023 at 20:17 By cybleinc

Cyble Research and Intelligence Labs uncovers a possible crafty imitator of the infamous NoEscape Ransomware. The post Low-profile Threat Actor observed imitating NoEscape Ransomware appeared first on Cyble. This article

Threat Actors orchestrate cyber-attacks on vulnerable Ivanti products

14/09/2023 at 20:17 By cybleinc

Cyble Global Sensor Intelligence Networks observes exploitation of Ivanti Vulnerabilities. The post Threat Actors orchestrate cyber-attacks on vulnerable Ivanti products appeared first on Cyble. This article is an

 LockBit 2.0 Ransomware Resurfaces

07/06/2023 at 15:15 By cybleinc

Cyble analyzes LockBit Ransomware, which is distributed via malicious documents, specifically targeting users in Korea. The post LockBit 2.0 Ransomware Resurfaces appeared first on Cyble. This article is an excerpt from Cyble.

 LockBit Ransomware 2.0 Resurfaces

06/06/2023 at 15:02 By cybleinc

Cyble Research and Intelligence Labs analyzes LockBit ransomware which uses malicious documents to specifically target users in Korea. The post LockBit Ransomware 2.0 Resurfaces appeared first on Cyble. This article is an excerpt from Cyble.

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam

05/06/2023 at 17:23 By cybleinc

Cyble analyzes a new malware, “HelloTeacher”, masquerading as a popular messaging app to target banking users from Vietnam and steal sensitive data. The post HelloTeacher: New Android Malware Targeting Banking Users In Vietnam appeared first on Cyble. This article is an excerpt
