'Rex Mundi' Hacker Extortion Group: Busted

Data Breach Today

Seven Gang Members Arrested in France, Eighth Busted in Thailand, Police Say. Cyber extortion group Rex Mundi has been shut down following the arrest of seven suspects in France and a French national in Thailand, police say.

Noose Tightens Around Dark Overlord Hacking Group

Data Breach Today

Serbia Makes Arrest; UK Close to Sentencing Another. The noose appears to be tightening around the Dark Overlord, a group of international hackers who have stolen and held for ransom sensitive information from dozens of companies, healthcare organizations and U.S.

GreyEnergy cyberespionage group targets Poland and Ukraine

Security Affairs

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Experts from ESET speculate the BlackEnergy threat actor evolved into two separate APT groups, namely TeleBots and GreyEnergy.

Symantec: 'Orangeworm' Group Hits Healthcare Organizations

Data Breach Today

Custom Backdoor Lands on X-Ray and MRI Machines. Large healthcare companies in the U.S., Europe and Asia are getting hit with a backdoor that comes from a long-observed group, which Symantec calls Orangeworm.

Group-IB Uncovers APT Attacks on Banks: The Sound of Silence

Security Affairs

Researchers at security firm Group-IB have exposed the attacks carried out by the Silence cybercriminal group, providing details on its tactics and tools. Experts at security firm Group-IB have exposed the attacks committed by Silence cybercriminal group.

A Cyber Espionage Group Re-Emerges

Data Breach Today

A group of suspected Chinese cyber espionage actors, dubbed TEMP.Periscope or Leviathan, has re-emerged, targeting the maritime industry as well as others, according to a report from FireEye. FireEye Describes Campaign by Suspected Chinese Actors; Is Asia Next Target?

Iowa Health Group Data Breach Hits 1.4 Million Patients

Data Breach Today

UnityPoint Health Says Hackers' Likely Goal Was Business Email Compromise Fraud. A large Midwestern health network says a successful phishing campaign exposed a raft of personal and medical data stored in its email systems. The count of affected victims numbers 1.4

EU Mass Surveillance Alive and Well, Privacy Groups Warn

Data Breach Today

Magecart Group Targets Shopper Approved in Latest Attack

Threatpost

The breach also impacted hundreds of Shopper Approved's customers.

New Threat Group Conducts Malwareless Cyber Espionage

Dark Reading

Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult

RiskIQ: British Airways Breach Ties to Cybercrime Group

Data Breach Today

Magecart Gang Tweaked Script on BA's Server to Scrape Card Data, Researchers Say. The British Airways breach, in which up to 380,000 website and mobile users' payment card details were stolen, traces to card-scraping code injected into a script on the airline's website by the cybercrime group called Magecart, says security firm RiskIQ.

Recent Andariel Group ActiveX Attacks Point to Future Targets

Threatpost

Changes in the group's script may indicate that the hackers may start using attack vectors other than ActiveX.

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape.

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Threatpost

The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources.

MoneyTaker hacking group stole 1 million US dollars from Russian PIR Bank

Security Affairs

The cybersecurity firm Group-IB is involved in the incident response to an attack on the Russian PIR Bank conducted by the MoneyTaker hacking group. The bank hired Group-IB in order to respond to the incident and limit the damages.

Cybercrime Groups and Nation-State Attackers Blur Together

Data Breach Today

North Korean Hackers are 'Rational Actors,' Ex-Intelligence Chief Warns: "This is not a crazy state; this is a rational state pursuing rational objectives."

Leafminer cyber espionage group targets Middle East

Security Affairs

Hackers belonging to an Iran-linked APT group tracked as ‘Leafminer’ have targeted government and various organizations in the Middle East. An Iran-linked APT group tracked as ‘Leafminer’ has targeted government and businesses in the Middle.

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

Experts from Symantec collected evidence that APT28 group returns to covert intelligence gathering operations in Europe and South America. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Magecart Group Pinned in Recent British Airways Breach

Threatpost

The Magecart Group has been blamed for the British Airways breach that compromised 380k payment cards.

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Security Affairs

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. One big phishing group is capable of stealing roughly $1 million a month.

Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic

Threatpost

The campaign uses double infection points and two command-and-control servers.

Perficient Detroit Hosts April Atlassian User Group

Perficient Data & Analytics

For those in the Detroit area, the Perficient office in Livonia is hosting the SouthEast Michigan Atlassian User Group (AUG) on April 24th. The SouthEast Michigan AUG meets the last Tuesday of every other month for the 2018 year.

Groups find IT essential in making the shift to value

Information Management Resources

Multispecialty organizations such as Crystal Run Healthcare, the Carle Foundation and Marshfield Clinic are using technology ranging from care management to analytics to improve care.

Russian Hacking Groups Intersect in Recent Cyberattacks

Dark Reading

Two different hacking teams best known as Turla and Fancy Bear employed the same stealthy attack method in an unusual overlap of hacking activity

Russia-linked APT group DustSquad targets diplomatic entities in Central Asia

Security Affairs

Kaspersky experts published a detailed analysis of the attacks conducted by the Russian-linked cyber espionage group DustSquad. The group has been active since at least 2015. ESET researchers presented their findings at the Virus Bulletin conference.

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders

Threatpost

The Honda mistake affects 50,000 users of the Honda Connect App, while UMG exposed corporate keys to the kingdom.

Despite Ringleader’s Arrest, Cobalt Group Still Active

Threatpost

The threat actors behind widespread attacks on banks and ATM jackpotting campaigns in Russia and Europe resurfaced in May, attacking banks.

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

Researchers from FireEye recently uncovered and blocked a campaign by the Chinese APT10 cyber espionage group aimed at the Japanese media sector. Experts have noticed the group since around mid-2016, when it was using PlugX, ChChes, Quasar and RedLeaves malware in targeted attacks.

Alleged Iran-linked APT group RASPITE targets US electric utilities

Security Affairs

According to the firm Dragos, the RASPITE cyber-espionage group (aka Leafminer) has been targeting organizations in the United States, Europe, Middle East, and East Asia. “Dragos has identified a new activity group targeting access operations in the electric utility sector.”

Recently uncovered PowerPool Group used recent Windows Zero-Day exploit

Security Affairs

Security researchers from ESET have now reported that the local privilege escalation vulnerability has been exploited by a previously unknown group tracked as PowerPool. The group used multi-stage malware; the first stage is a backdoor used for reconnaissance.

New criminal hacking group targets healthcare organisations

IT Governance

Industry researchers have identified a new criminal hacking group targeting healthcare organisations in the US, EU (including the UK) and the Middle East.

NOKKI Malware Sports Mysterious Link to Reaper APT Group

Threatpost

The relationship between the malware and the APT group remains somewhat murky.

DHS – Russian APT groups are inside US critical infrastructure

Security Affairs

According to the US Department of Homeland Security, Russia’s APT groups have already penetrated America’s critical infrastructure, especially power utilities, and are still targeting them.

Lazarus Group Targets Bitcoin Company

Dark Reading

The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company

Google Groups Misconfiguration Exposes Corporate Data

Dark Reading

Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings

Russian APT28 espionage group targets Democratic Senator Claire McCaskill

Security Affairs

The Russia-linked APT28 group targets Senator Claire McCaskill and her staff as they gear up for her 2018 re-election campaign. Microsoft attributed the attacks to Russian APT28 group.

Fin7: The Inner Workings of a Billion-Dollar Hacking Group

WIRED Threat Level

The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.

Amnesty International employee targeted with NSO group surveillance malware

Security Affairs

An employee at Amnesty International has been targeted with Israeli surveillance malware; the news was revealed by the human rights group. The human rights group published a report that provides details on the attack against its employee.

Lazarus Group, Fancy Bear Most Active Threat Groups in 2017

Dark Reading

Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks

Lazarus Group Builds its First MacOS Malware

Dark Reading

This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain

Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer

Security Affairs

The Magecart cybercrime group is back; this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg.

UK: The rise of privacy group action risk

DLA Piper Privacy Matters

Two recent developments in the United Kingdom highlight the growing risk of privacy litigation and “group actions”, which is likely to increase further following the enactment of the General Data Protection Regulation (“GDPR”) in May 2018. However, litigation risk, particularly group action litigation risk, is potentially an equally significant hazard for organisations which should not be overlooked in GDPR readiness programmes.