CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

CERT-UA warned that a Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs

Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401.

Experts warn of a new wave of Bumblebee malware attacks

Security Affairs

Bumblebee has been active since March 2022, when it was spotted by Google’s Threat Analysis Group (TAG). Experts noticed that cybercriminal groups that were previously using BazaLoader and IcedID as part of their malware campaigns switched to the Bumblebee loader. lnk” that, once executed, starts the attack chain.

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) with the new PowerExchange backdoor. The experts speculate that the backdoor is likely linked to an Iran-linked APT group.

North Korea-linked Kimsuky APT attack targets victims via Messenger

Security Affairs

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware. Researchers at Genius Security Center (GSC) identified a new attack strategy by the North Korea-linked Kimsuky APT group and collaborated with the Korea Internet & Security Agency (KISA) for analysis and response.

Ransomware Groups Look for Inside Help

eSecurity Planet

The shutting down of operations by ransomware groups like REvil and DarkSide also has given other bad actors room to roam, which has fueled a resurgence in the LockBit ransomware-as-a-service (RaaS), with the most recent high-profile attack being on global consulting firm Accenture that sought a ransom of about $50 million. Filling the Void.

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

The Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit a Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium”) used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.
