The popular VPNLab.net used by malicious actors to deploy ransomware has been taken offline following a coordinated law enforcement operation. Europol stated that it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 thus rendering it inoperable as part of a disruptive action that took place […]
Europol Shuts Down VPNLab Popularly Used By Cybercriminals Read More »
Aquatic Panda a China-based targeted intrusion has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Crowdstrike a cybersecurity firm stated that the infiltration which was foiled was aimed at an unnamed “large academic institution”. The
Chinese Hackers Target Academic Institution Using Log4Shell Exploit Read More »
Microsoft has announced the seizure of 42 domains used by Nickel a China-based cyber espionage group which has its sights on organizations in the U.S. and 28 other countries. Nickel has targeted organizations in both private and public sectors including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, Europe
Malicious Web Domain Used By Chinese Hackers Seized by Microsoft Read More »
Enterprise security firm Proofpoint has linked TA406, a North Korean threat actor to a wave of credential theft campaigns targeting research, education and government with two of the attacks aimed at distributing malware which could be used for intelligence gathering. TA406 also known as Kimsuky came into operations as early as 2012 emerging as one
Credential Theft Campaign Linked To North Korean Hackers Read More »
After a seven month hiatus, the Russian-speaking cyber-espionage group RedCurl returns. With their arrival on the scene, the group has targeted 4 companies including a large retail store in Russia as well as improving on its toolset in an attempt to thwart analysis and antivirus detection. The group became active in November 2018 with attacks
RedCurl The Corporate Espionage Hacker Group Returns Read More »
The dark web payment portal operated by Conti the ransomware group has gone down in what appears to be a shift to a new infrastructure after details of inner working of the group was made public. According to MalwareHunterTeam, “while both the clearweb and Tor domains of the leak site of the Conti ransomware gang
Conti Ransomware Group Secrets Exposed Read More »
There has been an increase in the adoption of ransomware as a means of generating revenue for nation-state operators with affiliations with Iran. So far, six threat actors with the West Asian country have been discovered deploying ransomware to achieve their strategic objectives, researchers from Microsoft Threat Intelligence Center (MSTIC) revealed, adding that the ransomware
Microsoft Discloses 6 Iranian Hacking Groups Turning to Ransomware Read More »
Researchers have discovered a hacker-for-hire group called “Void Balaur” which has been linked to strings of cyberespionage and data theft activities targeting politicians, human right activists and government officials since 2015 for financial gain. The group was only recently unmasked when advertisements of its services was cited in a Russia-speaking underground forum dating all the
Researchers Discover “Void Balaur” the Hacker-for-Hire Group Active since 2015 Read More »
Threat actors believed to be affiliated with Iran has been linked to series of targeted attacks aimed at telecommunication operators and internet service providers (ISPs) in Morocco, Saudi Arabia and Isreal and a few ministries of foreign affairs (MFA) in Africa. The group tracked as Lyceum is believed to have occurred between July and October
ISPs and Telecomms are Currently Targets of Iranian Hackers Lyceum Read More »
Law enforcement authorities in Romania on November 4 arrested two individuals for their role played as affiliates of REvill ransomware. The suspects have been linked to more than 5,000 ransomware attacks and extorted close to $600,000 from victims. The arrest is a part of a coordinated operation called GoldDust, which has resulted in arrest of
REvil Ransomware Associates Arrested in Global Takedown Read More »
