Analysis, Groups and Manufacturing - Information Management Today

Chinese APT Group Winnti Is Stealing Intellectual Property

Data Breach Today

MAY 5, 2022

Forensic Analysis Used to Detect the Group's Involvement, Cybereason Says A new malicious campaign that siphons off intellectual property and sensitive data - including documents, blueprints, diagrams, formulas and manufacturing-related proprietary data - has been identified by researchers at Cybereason as being the work of Chinese APT Winnti, based (..)

Manufacturing

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Schneier on Security

DECEMBER 20, 2021

One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. ” In related news, Google’s Project Zero has published a detailed analysis of NSO Group’s zero-click iMessage exploit: FORCED ENTRY.

Manufacturing

Manufacturing Access IT

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. The chipmaker has 14,000 employees as of 2024.

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NSO Group Hacked

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Citizen Lab conducted an independent analysis. Why does NSO Group have that list? More coverage.

Manufacturing

Manufacturing IT

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Researchers also discovered that the APT group used an updated version of its ShadowPad malware. ” continues the analysis. Pierluigi Paganini.

Manufacturing

Manufacturing Paper Communications IT

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

APRIL 8, 2019

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. What did we find?

Passwords

Passwords Privacy Manufacturing Phishing

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

File names

File names Encryption Manufacturing Libraries

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks. ” concludes the report.

Cleanup

Cleanup Libraries Access Manufacturing

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t. The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. Victims of the group are located in North America, Europe, and Southeast Asia. . ” concludes the report.

Healthcare

Healthcare Phishing Manufacturing Government

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

MAY 22, 2020

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. The group behind this activity is the same we identified in the past malicious operations described in Roma225 (12/2018), Hagga (08/2019), Mana (09/2019), YAKKA (01/2020). Technical Analysis.

Manufacturing

Manufacturing e-Delivery IT Security

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

During the two-month investigation, McAfee researchers were able to narrow down the list of suspects to two advanced persistent threat (APT) nation-state groups that have links to China. Chinese-Linked APT Groups Likely Suspects. PlugX, Winnti and some other custom tools all point to a group that had access to the same tools.

Military

Military Access Manufacturing Phishing

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

A China-linked APT group tracked as Antlion used a custom backdoor called xPack that was undetected for months. A China-linked APT group tracked as Antlion is using a custom backdoor called xPack in attacks aimed at financial organizations and manufacturing companies, Symantec researchers reported. Pierluigi Paganini.

Manufacturing

Manufacturing Data collection Encryption Passwords

ANALYSIS OF THE TURKISH LARGE FORMAT PRINTING MARKET, 2022?

Info Source

MAY 3, 2023

The reason for this situation, is due to the CAD segment being a pure import market, dominated by multinational companies and with no cheaper alternatives either from local producers or from Chinese manufacturers. Indeed, the overall Turkish CAD market has followed a long-term downward trend, falling from 1.7K units in 2014 to 0.5K

Marketing

Marketing Sales Manufacturing Paper

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Researchers from threat hunting and intelligence firm Group-IB have detected a successful attack by a ransomware gang tracked as OldGremlin. Group-IB , a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang, codenamed OldGremlin. Unsought invoice.

Ransomware

Ransomware Phishing Encryption Authentication

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Passwords

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. Please contact your device manufacturer for more information on the patch status about specific devices.” ” reads the advisory.

Authentication

Authentication Manufacturing Security Information Security

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Re-invent your warranty process with a digital twin

IBM Big Data Hub

JUNE 20, 2023

According to Warranty Week , claims totaling 46 billion USD were paid by the global automotive Original Equipment Manufacturers in 2021. avoiding warranty issues through simulation), manufacturing (e.g., detecting and preventing failures through sensor data analysis) and after sales (e.g.,

Manufacturing

Manufacturing Sales IoT Analytics

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs).

Agriculture

Agriculture Data collection Access Manufacturing

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. ” they wrote.

Ransomware

Ransomware Encryption Manufacturing Phishing

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

In June, VMware Carbon Black researchers observed an intensification of the activity associated with a stealthy ransomware group named 8Base. The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. and Brazil.

Ransomware

Ransomware Encryption Metadata Manufacturing

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis.

Artificial Intelligence

Artificial Intelligence Ransomware Cybersecurity Manufacturing

APT40 cyberespionage group supporting growth of China’s naval sector

Security Affairs

MARCH 5, 2019

A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country’s Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP. ” reads the analysis published by FireEye. ” continues the analysis. .

Phishing

Phishing Passwords Manufacturing Government

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022. The average ransom payment was $1.2

Ransomware

Ransomware Blockchain Retail Insurance

Experts warn of a spike in May and June of 8Base ransomware attacks

Security Affairs

JUNE 28, 2023

Researchers warn of a massive spike in May and June 2023 of the activity associated with the ransomware group named 8Base. VMware Carbon Black researchers observed an intensification of the activity associated with a stealthy ransomware group named 8Base. The 8BASE group claims to be composed of honest pentesters. “We

Ransomware

Ransomware Encryption Manufacturing Business Services

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. TB JP Original Corp Source New Manufacturing USA Yes 1.2 TB JP Original Corp Source New Manufacturing USA Yes 1.2 TB JP Original Corp Source New Manufacturing USA Yes 1.2

Data Privacy

Data Privacy Manufacturing Privacy Security

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The OceanLotus APT group, also known as APT32 or Cobalt Kitty , leverages a steganography-based loader to deliver backdoors on compromised systems. The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group.

Libraries

Libraries Encryption Communications Manufacturing

Earth Empusa targets minority group with Android ActionSpy spyware

Security Affairs

JUNE 15, 2020

The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to targets Turkic minority group. ” continues the analysis. The post Earth Empusa targets minority group with Android ActionSpy spyware appeared first on Security Affairs. Pierluigi Paganini.

Phishing

Phishing Encryption Manufacturing Access

NEW TECH: ICS zero-day flaws uncovered by Nozomi Networks’ analysis of anomalous behaviors

The Last Watchdog

AUGUST 26, 2019

The state-sponsored hacking groups are still in business. And not just of power plants and utilities, but also in the firmware and software that run manufacturing plants of all types and sizes, Carcano told me.

Artificial Intelligence

Artificial Intelligence Cybersecurity Manufacturing Security

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. The malware was first spotted on September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The malware uses TOR exit nodes as a backup C2 infrastructure.

Security awareness

Security awareness Manufacturing Ransomware Cybersecurity

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Experts discovered that threat actors targeted a large US transportation & logistics organization, a large US consumer products organization, and a global manufacturing organization.

Ransomware

Ransomware Encryption File names Manufacturing

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Security Affairs

AUGUST 7, 2023

Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups.

Military

Military Communications Manufacturing Phishing

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample.

Manufacturing

Manufacturing Education Encryption IT

Witchetty APT used steganography in attacks against Middle East entities

Security Affairs

OCTOBER 1, 2022

A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments. The group used the backdoor in attacks against Middle Eastern governments. ” the researchers concluded.

Manufacturing

Manufacturing Government Cybersecurity IT

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

IT Governance

MAY 7, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Source (New) IT services USA Yes 1,382 Worthen Industries Source 1 ; source 2 (Update) Manufacturing USA Yes 1,277 R.J. Source (New) Manufacturing USA Yes Unknown Human Events.

Data breaches

Data breaches Education Manufacturing Retail

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Source New Manufacturing USA Yes 20,415 TECA Srl Source New Transport Italy Yes 16.7 GB AGC Flat Glass North America, Inc.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. ” reads the analysis published by Trend Micro. ” reads the analysis published by Trend Micro. ” continues the analysis. AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Passwords Education

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The list of victims includes manufacturing organizations, banks, schools, and event and meeting planning companies.

Ransomware

Ransomware Encryption Government Manufacturing

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. FireEye’s Mandiant unit observed two distinct waves of attacks carried out by the cybercrime group in December 2020. ” states the analysis published by FireEye.

Manufacturing

Manufacturing Phishing Military Retail

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

RansomExx operation has been active since 2018, the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE , and the Italian luxury brand Zegna. ” reads the analysis published by IBM Security X-Force. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Ransomware

Ransomware Encryption Manufacturing Government

New financially motivated attacks in Western Europe traced to Russian-speaking threat actors

Security Affairs

MARCH 27, 2020

Researchers at Group-IB observed new financially motivated attacks in Western Europe traced to Russian-speaking threat actors. At least two companies operating in pharmaceutical and manufacturing sectors have been affected. At least two companies operating in pharmaceutical and manufacturing sectors have been affected.

Healthcare

Healthcare Manufacturing Cybersecurity Retail

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Security Affairs

AUGUST 5, 2022

The attack took place in May and lasted seven days, the analysis of the network logs suggests TAC-040 exfiltrated around 700MBs of data from the victim system. “ATI’s thorough analysis determined that the attack occurred during the end of May over a seven day period. ” reads the analysis published by Deepwatch.

Manufacturing

Manufacturing Cybersecurity IT Access

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

An unidentified group of hackers is using a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER). The hacking technique was employed by an unidentified hacking group to avoid detection. The hacking technique was employed by an unidentified hacking group to avoid detection.

Phishing

Phishing Manufacturing Archiving Government

Chinese APT Group Winnti Is Stealing Intellectual Property

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Webinars

Trending Sources

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Webinars

NSO Group Hacked

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

A Year Later, Cybercrime Groups Still Rampant on Facebook

China-linked APT41 group targets Hong Kong with Spyder Loader

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Cyber-Criminal espionage Operation insists on Italian Manufacturing

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

ANALYSIS OF THE TURKISH LARGE FORMAT PRINTING MARKET, 2022?

Group-IB detects a series of ransomware attacks by OldGremlin

FBI and CISA warn of attacks by Rhysida ransomware gang

Chipmaker Qualcomm warns of three actively exploited zero-days

China-linked APT Curious Gorge targeted Russian govt agencies

Re-invent your warranty process with a digital twin

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Researchers Quietly Cracked Zeppelin Ransomware Keys

8Base ransomware operators use a new variant of the Phobos ransomware

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

APT40 cyberespionage group supporting growth of China’s naval sector

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Experts warn of a spike in May and June of 8Base ransomware attacks

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Earth Empusa targets minority group with Android ActionSpy spyware

NEW TECH: ICS zero-day flaws uncovered by Nozomi Networks’ analysis of anomalous behaviors

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Hades ransomware gang targets big organizations in the US

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Witchetty APT used steganography in attacks against Middle East entities

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Experts spotted a variant of the Agenda Ransomware written in Rust

Holy Ghost ransomware operation is linked to North Korea

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

RansomExx Ransomware upgrades to Rust programming language

New financially motivated attacks in Western Europe traced to Russian-speaking threat actors

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Stay Connected