News

Russian Sandworm hackers pose as Ukrainian telcos to drop malware

"The Russian state-sponsored hacking group known as Sandworm (aka: Quedagh, Voodoo Bear, TEMP.Noble, IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna) has been observed masquerading as telecommunication providers to target Ukrainian entities with malware." Sandworm is a state-backed threat actor attributed by the US government as part

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Trend Micro has recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems. One of the older vulnerabilities that is still being

Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities

The Center for European Policy Analysis (CEPA) recently published a 38-page study, Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities by two esteemed researchers, Irina Borogan and Andrei Soldatov. The opening premise is that Russia has not demonstrated its cyber warfare adroitness in support of its invasion of Ukraine. Whether the

Uber hacked, internal systems breached and vulnerability reports stolen

Uber suffered a cyberattack Thursday afternoon with an allegedly 18-year-old hacker downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. Other systems accessed by the hacker include the company's Amazon Web Services console, VMware vSphere/ESXi virtual machines,

Lorenz Ransomware Exploits Mitel VoIP Systems to Breach Business Networks

The operators behind the Lorenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting on the network perimeter," researchers from cybersecurity firm

FBI Warns of Unpatched and Outdated Medical Device Risks

The FBI is warning healthcare facilities of the risks associated with unpatched and outdated medical devices. Security flaws in medical devices could adversely impact the operations of healthcare facilities, while also affecting the safety of patients and data confidentiality and integrity, the FBI says. Both hardware design and device software

US govt sanctions ten Iranians linked to ransomware attacks

The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks. Their malicious activity is tracked and overlaps with state-sponsored hacking groups tracked by cybersecurity

Pro-Russian Hacktivist Groups Target Ukraine Supporters

As the war in Ukraine rages on, unseen but related battles occur daily across the globe. These confrontations stem from pro-Russian hacktivist groups targeting countries that support Ukraine, likely with support from the Kremlin. These hacktivists have been targeting a wide swath of industries and sectors, including aviation, energy, financial,

Opsec Mistakes Reveal Iranian COBALT MIRAGE Threat Actors

Artifacts exposed personas and companies associated with the Iranian threat group. Secureworks® Counter Threat Unit™ (CTU) analysis of a June 2022 ransomware incident revealed details about Iranian COBALT MIRAGE threat group operations. Despite CTU™ researchers publicly disclosing COBALT MIRAGE tactics, techniques, and procedures (TTPs) in May 2022, the threat actors

Chinese hackers create Linux version of the SideWalk Windows malware

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The malware is attributed with high confidence to the SparklingGoblin threat group, also tracked as Earth Baku, which is believed to be connected to the APT41 cyberespionage
