4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections The state-sponsored hacker group APT41 (aka ARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly, Winnti Umbrella, Double Dragon), whose goals are cyber espionage and financial gain, has been active since at least 2007. Group-IB Threat
On June 1, a Google Cloud Armor customer was targeted with a series of HTTPS DDoS attacks which peaked at 46 million requests per second. This is the largest Layer 7 DDoS reported to date—at least 76% larger than the previously reported record. The geographic distribution and types of
A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily. South Staffordshire Water has issued a statement confirming the security breach, the company pointed out that the attack did not impact the safety and water distribution systems. South Staffordshire
Team82 has developed a novel attack that weaponizes programmable logic controllers (PLCs) in order to exploit engineering workstations and further invade OT and enterprise networks. We’re calling this the Evil PLC Attack. Download the full report here (free PDF). The attack targets engineers working every day on industrial networks,
Pro-ukrainan hacker group OneFist claim demolished the KUPROS Paper Mill in Novosibirk via SCADA attack. They claim "full system control allowed destruction of machinery and potential floods/fires. The loss of machinery and production will be in the millions." Sources: OneFist's Telegram and Twitter channels #RusUkrWar
Infostealer appears to be payload in recent activity aimed at Ukrainian organizations. This activity was ongoing as recently as August 8, 2022 and much of the activity observed in this campaign is consistent with activity that was highlighted by CERT-UA on July 26. Shuckworm (aka Gamaredon, Armageddon) is a Russia-linked
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and
The pro-Russia Killnet hacker group claims that the stolen information includes PII data such as email addresses and phone numbers of the company’s employees. On August 1st, 2022, the pro-Russian hackers from Killnet claimed responsibility for a DDoS attack on Lockheed Martin, a United States-based global security and aerospace
Pro-Ukraine hacker group OneFist claims hacked SCADA system for Rosseti Lenenergo's 110 kV substation PS-249 "Dymi" as part of their special cyberwarfare operation, Operation "Smoked". Using a vulnerability in it's uninterruptible power supply (UPS), which gave them total access to the batteries,
The Anonymous Hacker group has claimed to have taken down two Russian video conferencing apps, Webnir.ru and videomost.com station. Webinar Group is a Russian ecosystem of services for meetings, online events, training and webinars. One of the clients as stated on their website is Huwaei. While webinar.ru
A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats. Amazon. com
CTI (Cyber Threat Intelligence) analysis by Trend Micro of a cyber espionage campaign of Iron Tiger APT (Advanced Persistent Threat) group. Iron Tiger (also known as Emissary Panda, APT27, Bronze Union, and Luckymouse) compromising chat application Mimi’s servers in a supply chain attack by HyperBro malware. MiMi is an
Pro-Ukraine hacker group Bluehornet who was AgainstTheWest and has continued to operate in some capacity under spot has now allegedly returned to operations.
The pro-Russian hacker gang known as Killnet took down the website of Latvia’s parliament on Thursday after lawmakers there designated Russia as a “state sponsor of terrorism.” The parliament’s website went down for several hours after being hit by a distributed denial-of-service (DDoS) attack, which floods websites with
On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. Cisco has updated its security products with intelligence gained from observing the bad actor’s techniques, shared Indicators of Compromise (IOCs) with other
CTI analysis by Cyble of the escalation of the China-Taiwan conflict in the wake of Nancy Pelosi's visit to Taiwan, which was followed by widespread cyberattacks on Taiwanese institutions. Pelosi’s Taiwan Visit Widens Taipei-Beijing RiftCyble analyzes the escalation of the China-Taiwan conflict in the wake of Nancy
