Blog, Groups and Security - Information Management Today

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. Twilio disclosed in Aug. According to an Aug.

Passwords

Passwords Phishing Access Encryption

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. According to a September 20, 2023 joint advisory from the FBI and the U.S. According to a September 20, 2023 joint advisory from the FBI and the U.S.

Ransomware

Ransomware Data breaches Encryption Systems administration

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web.

Ransomware

Ransomware Privacy Security IT

Ransomware Group Turns to Facebook Ads

Krebs on Security

NOVEMBER 10, 2020

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. ”

Ransomware

Ransomware IT Security

Fulton County, Security Experts Call LockBit’s Bluff

Krebs on Security

FEBRUARY 29, 2024

The ransomware group LockBit told officials with Fulton County, Ga. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. 13, saying that unless it was paid a ransom the group would publish files stolen in a breach at the county last month.

Security

Security Ransomware IT Access

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. ” GAP #1. 22, 2020, the U.S.

Ransomware

Ransomware Government Security IT

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Archiving

Archiving Security IT Data breaches

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

A previously unknown ransomware group known as RA Group is targeting companies in U.S. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The group has already compromised three organizations in the U.S. and one in South Korea.

Ransomware

Ransomware Encryption Healthcare Insurance

Unknown APT group is targeting Russian government entities

Security Affairs

MAY 25, 2022

An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Experts attributed the attacks, with low confidence, to a China-linked APT group. “Attribution is difficult, and threat actors are known to use indicators from other groups as false flags.

Government

Government Phishing Archiving Cybersecurity

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

Microsoft fixed the issue with the release of Patch Tuesday security updates for April 2023. The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. ” reads the analysis published by Kaspersky.

Ransomware

Ransomware Education Cybersecurity Security

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. “With different levels of superiority, command lines and tasking. Pierluigi Paganini.

Cybersecurity

Cybersecurity Risk Security Government

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

(USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Resecurity, Inc.

Government

Government Cybersecurity IoT Security

Iran-linked APT groups started exploiting Papercut flaw

Security Affairs

MAY 9, 2023

Microsoft warns of Iran-linked APT groups that are targeting vulnerable PaperCut MF/NG print management servers. Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers. 21.2.11, and 22.0.9 We are in the final!

Cybersecurity

Cybersecurity Authentication Access Security

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

The ransomware group added the company to the list of victims on its Tor leak site, it claims to have stolen the source code from the company, including a framework to develop bios, and private keys. MSI is headquartered in Taipei, Taiwan.

Ransomware

Ransomware IT Manufacturing Education

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Phishing

Phishing Cloud Government Education

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The BATLOADER was hosted on domains created by the group to appear as legitimate software download sites (i.e.

Ransomware

Ransomware Phishing Encryption Access

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

Security Affairs

APRIL 26, 2023

Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the attack could have caused an explosion.

Cybersecurity

Cybersecurity Education Authentication Security

FIN8 Group spotted delivering the BlackCat Ransomware

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).

Ransomware

Ransomware Sales IT Security

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) The experts speculate that the backdoor is likely linked to an Iran-linked APT group. The experts speculate that the backdoor is likely linked to an Iran-linked APT group. with the new PowerExchange backdoor.

Communications

Communications File names Archiving Phishing

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Security Affairs

MAY 16, 2023

French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response to a cyber attack. ” reported Yahoo Finance.

Manufacturing

Manufacturing Ransomware Sales Encryption

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

Security Affairs

APRIL 6, 2022

Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down part of its infrastructure. Nordex Group, one of the world’s largest manufacturers of wind turbines, was the victim of a cyberattack that forced the company to take down multiple systems. Pierluigi Paganini.

Manufacturing

Manufacturing IT Ransomware Cybersecurity

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. The domain used by the DEX file belongs to the Lemon Group ( js [.]big

Libraries

Libraries Communications Big data Passwords

Experts linked multiple ransomware strains North Korea-backed APT38 group

Security Affairs

MAY 4, 2022

Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. APT38 appears to be a North Korea-linked group separate from the infamous Lazarus group, it has been active since at least 2014 and it has been observed targeting over 16 organizations across 11 countries. akkim@protonmail[.]com

Ransomware

Ransomware Encryption Cybersecurity Security

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. “When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote.

Phishing

Phishing Blockchain Military Passwords

Pro-Russia group NoName took down multiple France sites, including the French Senate one

Security Affairs

MAY 5, 2023

The French Senate’s website was taken offline by a DDoS attack launched by the pro-Russian hacker group NoName. The pro-Russia hacker group NoName is claiming responsibility for a DDoS attack that took the website of the French Senate offline. We are in the final!

Cybersecurity

Cybersecurity Government Security Access

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

The company received two vulnerability reports from the cybersecurity firm Trend Micro ) for high/critical severity security issues in PaperCut MF/NG. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog. ” reads the advisory published by PaperCut. Last week, the U.S.

Cybersecurity

Cybersecurity Ransomware Education Authentication

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware.

Archiving

Archiving Education Phishing Cybersecurity

China-linked TA413 group actively exploits Microsoft Follina zero-day flaw

Security Affairs

JUNE 1, 2022

A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) Pierluigi Paganini.

Archiving

Archiving Cybersecurity Phishing Security

Ransomware Groups Look for Inside Help

eSecurity Planet

AUGUST 23, 2021

A researcher with email security solutions vendor Abnormal Security found a threat actor directly emailing employees of a company urging them to release the ransomware into a company computer or Windows server in return for 40 percent – about $1 million – of the expected $2.5 million ransom the company would pay. Filling the Void.

Ransomware

Ransomware Phishing Cybersecurity File names

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. The experts at the Citizen Lab, in collaboration with Catalan civil society groups, have identified at least 65 individuals targeted or infected with spyware. and before iOS 13.5.1.”

Government

Government Cybersecurity Security Access

Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy

Security Affairs

MAY 2, 2022

The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government sector. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official WEB-site. based corporations. Government.

Cybersecurity

Cybersecurity Government Paper Information Security

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs

APRIL 10, 2022

NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer , NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. Why CTI is fun? Pierluigi Paganini.

Ransomware

Ransomware Encryption Military Cybersecurity

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com.

Phishing

Phishing Authentication Passwords Access

IT Governance Podcast Episode 8: Twitter, Instagram, InterContinental and Cloud security

IT Governance

SEPTEMBER 16, 2022

This week, we discuss allegations of data security failures at Twitter, a €405 million fine for Instagram, a cyber attack on InterContinental Hotels Group, and why Cloud security is so important. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud.

Cloud

Cloud Government IT Security

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. The ransomware group added the company to the list of victims on its Tor leak site, it claims to have stolen the source code from the company, including a framework to develop bios, and private keys.

Ransomware

Ransomware Security Manufacturing Cybersecurity

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

During the two-month investigation, McAfee researchers were able to narrow down the list of suspects to two advanced persistent threat (APT) nation-state groups that have links to China. Chinese-Linked APT Groups Likely Suspects. PlugX, Winnti and some other custom tools all point to a group that had access to the same tools.

Military

Military Access Manufacturing Phishing

A Tiny Blog Took on Big Surveillance in China—and Won

WIRED Threat Level

APRIL 4, 2023

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.

Security

Ransomware Groups are Targeting VMs

eSecurity Planet

JUNE 30, 2021

Security analysts at Sophos’ Managed Threat Response unit last year detailed some campaigns that used VMs to hide their malicious payloads. “If nothing else, it’s a growth in capability for an already active and prolific group, with some interesting features. . “The motivation behind the tactic is stealth. .

Ransomware

Ransomware Cybersecurity Digital transformation Cloud

Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites

Security Affairs

APRIL 30, 2022

The Romanian national cyber security and incident response team, DNSC, warns of a series of distributed denial-of-service (DDoS) attacks targeting government websites. The post Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites appeared first on Security Affairs. To nominate, please visit:?

CMS

CMS Government Cybersecurity Security

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

eSecurity Planet

DECEMBER 15, 2021

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Expanding Log4j Attacks.

Ransomware

Ransomware Cybersecurity Access Libraries

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

A Closer Look at the Snatch Data Ransom Group

Trending Sources

Ransomware Group Debuts Searchable Victim Data

Ransomware Group Turns to Facebook Ads

Fulton County, Security Experts Call LockBit’s Bluff

Conti Ransomware Group Diaries, Part I: Evasion

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

New RA Group ransomware gang is the latest group using leaked Babuk source code

Unknown APT group is targeting Russian government entities

Cybercrime group exploits Windows zero-day in ransomware attacks

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Iran-linked APT groups started exploiting Papercut flaw

Google TAG warns of Russia-linked APT groups targeting Ukraine

Money Message ransomware group claims to have hacked IT giant MSI

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

China-linked APT41 group spotted using open-source red teaming tool GC2

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

FIN8 Group spotted delivering the BlackCat Ransomware

New PowerExchange Backdoor linked to an Iranian APT group

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Experts linked multiple ransomware strains North Korea-backed APT38 group

Calendar Meeting Links Used to Spread Mac Malware

Pro-Russia group NoName took down multiple France sites, including the French Senate one

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

China-linked TA413 group actively exploits Microsoft Follina zero-day flaw

Ransomware Groups Look for Inside Help

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy

NB65 group targets Russia with a modified version of Conti’s ransomware

How 1-Time Passcodes Became a Corporate Liability

IT Governance Podcast Episode 8: Twitter, Instagram, InterContinental and Cloud security

MSI confirms security breach after Money Message ransomware attack

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

A Tiny Blog Took on Big Surveillance in China—and Won

Ransomware Groups are Targeting VMs

Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

Stay Connected