Group-IB researchers have identified two malicious campaigns from 2020 and 2021, respectively, carried out by SideWinder APT that were designed to steal cryptocurrency. The researchers found two new home-grown tools used by SideWinder APT during the campaign: SideWinder.RAT.b and SideWinder.StealerPy. Given the groups’s financial backing and target list, researchers anticipate this threat to keep evolving […]
Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.
The attackers use the same commercial online services that sales and marketing teams rely on to identify prospects and personalize communications. They also use Google Translate to translate their malicious emails into multiple languages.
Recent guidance from the US Cyber Security and Infrastructure Security Agency (CISA) recognizes the need for organizations to continually validate defenses against the latest adversary tactics, techniques, and procedures (TTPs).
The users receive an SMS with information on the status of a fictional package, presumably ordered from outside of the country. Also, they are informed of the fact that the delivery has failed due to the customs fee not being paid.
This Red Team framework is designed to be capable of being highly evasive and undetectable by security products, as demonstrated also by many shellcodes we intercepted through hunting activities with zero detection rate on VirusTotal platform.
SAS said it was hit by a cyberattack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralyzed the carrier’s website and leaked customer information from its app.
There are an estimated 3.09 billion active video gamers worldwide. Unsurprisingly, the rising popularity of video gaming has proved an irresistible draw for cyber-criminals looking to target players’ login credentials and personal information.
Chinese 8220 Gang has been found enhancing its attack techniques, such as involving using malicious Docker images and exploiting Struts2, Redis, and Weblogic servers, to launch cryptomining attacks. Some of these attacks leveraged vulnerable Oracle Weblogic servers, and the other campaign attacked a vulnerable Apache web server. Companies can leverage threat intelligence platforms to track IOCs […]
?A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.