Security Affairs

DECEMBER 26, 2020

REvil ransomware gang, aka Sodinokibi, hacked The Hospital Group and threatens to release before-and-after pictures of celebrity clients. The Hospital Group has confirmed the ransomware attack and notified the Information Commissioner about the security breach. The Hospital Group also notified via email all customers.

Ransomware 121

Ransomware Personal data File names Security 121

Security Affairs

NOVEMBER 5, 2020

A new Chinese APT group, tracked as KilllSomeOne, appeared in the threat landscape targeting corporate organizations in Myanmar. A new Chinese APT group, tracked as KilllSomeOne, was spotted by researchers at Sophos. The advanced cyber-espionage group is targeting corporate organizations in Myanmar with DLL side-loading attacks.

File names 109

File names Encryption Libraries IT 109

Security Affairs

AUGUST 16, 2021

We were able to tie this activity to a threat group that identify themselves as regime opposition group, named Indra.” A file named mssetup.exe was used as a screenlocker that locked the user out of their systems, and the nti.exe file used to corrupt the system’s master boot record (MBR).

File names 104

File names Ransomware IT Security 104

eSecurity Planet

AUGUST 23, 2021

A researcher with email security solutions vendor Abnormal Security found a threat actor directly emailing employees of a company urging them to release the ransomware into a company computer or Windows server in return for 40 percent – about $1 million – of the expected $2.5 million ransom the company would pay. Filling the Void.

Ransomware 126

Ransomware Phishing Cybersecurity File names 126

Security Affairs

MAY 18, 2021

Uptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities. Uptycs’ threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities. Discovery of Simps Botnet.

IoT 127

IoT File names Communications Security 127

Security Affairs

AUGUST 23, 2023

A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. The group attempted to infect target organizations with the Korplug backdoor (aka PlugX ). EsafeNet is owned by Chinese information security firm NSFOCUS. It decompresses and executes a file named content.dll.

File names 83

File names Encryption Archiving Information Security 83

Security Affairs

MARCH 11, 2023

Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. esetservice.exe is actually a legitimate HTTP Server Service program made by the security firm ESET.

File names 92

File names Security IT Information Security 92

Security Affairs

OCTOBER 22, 2023

WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. Vietnamese cybercrime groups are using multiple Malware as a Service (MaaS), their targeting and methods heavily overlap. ” reads the report published by WithSecure.

File names 111

File names Archiving IT Access 111

Security Affairs

FEBRUARY 16, 2024

Russia-linked APT group Turla has been spotted targeting Polish non-governmental organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked cyberespionage group Turla has been spotted using a new backdoor dubbed TinyTurla-NG in attacks aimed at Polish non-governmental organizations.

CMS 109

CMS File names Passwords Access 109

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The group targeted government and military organizations in Ukraine. Pierluigi Paganini.

Military 118

Military Phishing File names Archiving 118

Security Affairs

APRIL 10, 2023

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY ). Both groups used MULLVAD VPN.

Ransomware 93

Ransomware File names Access Education 93

Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” ” reads the analysis published by Secureworks.

Phishing 80

Phishing Libraries File names Metadata 80

Security Affairs

MAY 16, 2019

The BlackTech cyber-espionage group exploited the ASUS update process for WebStorage application to deliver the Plead backdoor. The cyber espionage group tracked as BlackTech compromised the ASUS update process for WebStorage application to deliver the Plead backdoor. SecurityAffairs – Plead Backdoor, Zero-day, BlackTech group).

File names 76

File names Cloud Authentication Security 76

Security Affairs

JUNE 15, 2023

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the target networks for three months. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 88

Military File names Archiving Phishing 88

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. ” continues Symantec. Pierluigi Paganini.

Military 84

Military File names Libraries Government 84

Security Affairs

FEBRUARY 3, 2023

The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). Currently, the Gamaredon group is using the GammaLoad and GammaSteel SPZs in their campaigns.

File names 94

File names Archiving Phishing Government 94

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names 132

File names Financial Services Manufacturing Libraries 132

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. This group focuses on public school districts and other educational institutions, like other ransomware gangs it implements a double extortion model and publishes data stolen from the victims on a data leak site.

Ransomware 130

Ransomware Encryption File names Education 130

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. which according to google translate would be: “PIK Group of Companies order details”.

Ransomware 76

Ransomware Mining File names Encryption 76

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Pierluigi Paganini.

Ransomware 120

Ransomware File names Encryption Government 120

Security Affairs

AUGUST 18, 2023

SentinelOne observed China-linked APT group Bronze Starlight (aka APT10 , Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. Bronze Starlight is a nation-state group that was observed using ransomware as means for distraction or misattribution. ” reads the analysis published by SentinelOne.

Archiving 95

Archiving File names Encryption Passwords 95

Security Affairs

FEBRUARY 10, 2024

The experts grouped these variants into Variant 1, 2 and Zero. All the variants support commands that allow operators to gather and upload files, and gather information about the machine. The researchers noticed that the backdoor contained a plist file named ‘test’. ” reads the report published by Bitdefender.

Ransomware 122

Ransomware File names Passwords IT 122

Security Affairs

NOVEMBER 20, 2018

Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Pierluigi Paganini.

File names 78

File names Phishing Communications Government 78

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. According to BleepingComputer , the group demanded one of its victims, the payment of an initial ransom of $800,000 to recover the encrypted data. Program Files Program Files (x86) #recycle.

Ransomware 134

Ransomware Encryption File names Communications 134

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. We will continue to update our recent blog as necessary. government.

Government 102

Government File names Phishing Security 102

Security Affairs

JUNE 5, 2021

The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI). top) that was recently registered for the beginning of the group’s operations. The Ransomware perform file system enumeration while encrypting the victim files, then appends the extension “.BlackCocaine

Ransomware 129

Ransomware Encryption File names Financial Services 129

Schneier on Security

MAY 4, 2022

The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. Unpacking this threat group is difficult.

IoT 98

IoT File names Encryption Access 98

Security Affairs

MAY 23, 2023

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, which has been active since 2019.

File names 87

File names Government Communications IT 87

Security Affairs

OCTOBER 24, 2022

Upon clicking the “DOWNLOAD” button, the executable file named “AcroRdrDCx642200120169_uk_UA.exe” will be downloaded to the machine. Running the above executable will decode and run the “rmtpak.dll” DLL file which is the ROMCOM RAT. . ” reads the alert published by Ukraine CERT.

Ransomware 98

Ransomware Phishing File names IT 98

IT Governance

NOVEMBER 17, 2022

Australia’s Home Affairs Minister Clare O’Neil rushed to Medibank’s defence , praising the organisation for refusing to pay the criminal’s ransom, while calling the group responsible “scumbags” and “disgraceful human beings”. Things got worse for Medibank after a second database was leaked , containing a file named “abortions”.

IT 107

IT Ransomware Security Data breaches 107

Security Affairs

JULY 15, 2022

. “The ransomware searches for files to encrypt on the local system by enumerating the file directories using FindFirstFileW() and FindNextFileW() API functions. It ignores the file extensions such as EXE, DLL, and SYS and excludes a list of directory and file names from the encryption process.”

Ransomware 124

Ransomware Encryption File names Risk 124

Security Affairs

OCTOBER 27, 2021

Experts believe that the decision of the group to leave the ransomware practice could be the result of an operational error, it was a bad idea to threaten the US police department due to the information that it manages. Metropolitan Police Department, encrypted its files and demanded a $4 million ransom. Pierluigi Paganini.

Ransomware 95

Ransomware File names Encryption Cybersecurity 95

eSecurity Planet

JULY 1, 2022

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. For now, the advanced persistent threat (APT) group behind the campaign remains unknown.

File names 113

File names Access Communications Security 113

Security Affairs

FEBRUARY 8, 2023

Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. It creates temporary files with the “ lock” and “ trash” extensions. ” Symantec concludes.

File names 86

File names Passwords Phishing Encryption 86

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. Pierluigi Paganini.

Archiving 96

Archiving CMS File names Phishing 96

Security Affairs

JUNE 3, 2023

ReadMe file name: README.BlackSuit.txt. Another option is that BlackSuit emerged from a splinter group within the original Royal ransomware gang.” In May, multiple cybersecurity experts spotted a new ransomware family called BlackSuit, including Palo Alto Unit42 experts. New #ransomware #BlackSuit targets Windows, #Linux.

Ransomware 97

Ransomware Encryption File names Cybersecurity 97

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . While the ransom notes are similar, we do not have any evidence to suggest the threat groups or operations have any overlap at this time. nz cloud infrastructure, leveraging the MEGAsync utility.”

Ransomware 142

Ransomware Encryption File names Manufacturing 142