While much of the cybersecurity world’s attention is on fending off Russian hacks against Ukraine, American officials are increasingly worried about another growing threat: attacks by China on U.S. soil.
Trellix detected a new private RaaS group, named Read The Manual (RTM) Locker, that relies on affiliates to carry out its extortion operations. It stays under the radar by avoiding high-profile targets. Moreover, RTM Locker's self-deleting behavior and its wiping of logs make it difficult for security professionals to analyze.
Networking, cloud, and cybersecurity solutions provider Juniper Networks this week published advisories detailing tens of vulnerabilities found across its product portfolio, including critical bugs in third-party components of Junos OS and STRM (Juniper Secure Analytics).
Some apps were removed from Google Play while others were updated by the official developers. Users are encouraged to update the apps to the latest version to remove the identified threat from their devices.
SentinelLabs identified a campaign by the Transparent Tribe that targets the Indian education sector via education-themed malicious Office documents propagating Crimson RAT. The group has long been targeting different sectors in India. Hence, vigilance and robust cyber defense strategies are necessary.
3CX confirmed that the software supply chain attack was the work of a North Korean hacker group, UNC4736. The group used the Taxhaul and Simplesea malware to infect Windows and macOS, respectively. On Windows machines, Taxhaul (also known as TxRLoader) was used to deploy a second-stage payload called Coldcat.
Ukrainian hacker group Cyber Resistance claimed to have hacked the personal accounts, emails, and social media of a Russian GRU officer, who is also the leader of APT28. The email hack allowed the hackers to extract sensitive documents along with personal information and photos, and then leak them into the public domain.
The cybercriminal group, which goes by the moniker “Forza Tools,” was seen offering Legion – a Python-based credential harvester and SMTP hijacking tool. The malware targets online email services for phishing and spam attacks. Experts suggest it is likely based on the AndroxGhOst malware and has several feature modules.
QuaDream, an Israeli company best known for its malware Reign, has launched the new commercial spyware KingsPawn (a Pegasus-like threat). To begin the attack, iCloud calendar invitations with backdated timestamps are sent to targeted iOS devices. Experts recommend following best practices, such as enabling automatic software updates and using reliable anti-malware software to stay protected.
It is now apparent that LockBit messed up, confusing Darktrace with the threat intelligence company DarkTracer, which had tweeted about the gang's leak site being flooded with fake victims.