Data Breach Today

DECEMBER 19, 2023

Agency Developed a Tool to Decrypt the Systems of More Than 500 Victims U.S. authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group, also known as Alphv, although the Russian-speaking threat actor said it has reestablished operations.

Ransomware 279

Ransomware IT 279

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.

Ransomware 259

Ransomware Encryption Insurance Manufacturing 259

Security Affairs

OCTOBER 12, 2023

Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker , a tool to monitor ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. ” reads the announcement.

Ransomware 135

Ransomware Personal data Access Cybersecurity 135

Data Breach Today

JULY 16, 2021

Palo Alto Networks Report Describes Tactics of Group Leveraging Open-Source Tools The gang behind the ransomware strain known as Mespinoza, aka PYSA, is targeting manufacturers, schools and others, mainly in the U.S. million, according to Palo Alto Networks' Unit 42, which says the group leverages open-source tools.

Ransomware 363

Ransomware Manufacturing 363

Data Breach Today

APRIL 19, 2019

Group, Apparently Backed By Iran, Was Broadening Its Targets, Analysts Say A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

IT 211

IT 211

Data Breach Today

MARCH 3, 2023

Mustang Panda Using MQsTTang Tool to Target Victims in Asia and Europe, Eset Finds Chinese APT group Mustang Panda is deploying a previously unseen malware backdoor dubbed MQsTTang as part of a spear-phishing campaign targeting governmental organizations, specifically in Ukraine and Taiwan, security firm Eset says.

Phishing 256

Phishing Security IT 256

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Passwords 305

Passwords Phishing Access Encryption 305

Data Breach Today

AUGUST 24, 2022

Tool Can Steal Gmail, Yahoo! and Microsoft Outlook Emails An Iranian government-backed hacking group known as Charming Kitten has updated its malware arsenal to include an email inbox scrapping tool, proof of the group's dedication to developing and maintaining purpose-built capabilities.

Government 240

Government IT 240

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

Military 124

Military File names Education Phishing 124

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Phishing 98

Phishing Cloud Government Education 98

Data Breach Today

MAY 17, 2023

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, (..)

Ransomware 190

Ransomware IT 190

Data Breach Today

JULY 16, 2022

Europe and Asia The cybercriminals behind BlackCat ransomware have upgraded their arsenal by adding Brute Ratel, a pentesting tool with remote access features that are used by attackers. The group targets large corporations in different industry segments across the U.S., Gang Targets Large Corporations Across the U.S.,

Ransomware 250

Ransomware Access 250

Data Breach Today

SEPTEMBER 10, 2020

Reports: TeamTNT Using Weave Scope Tool to Target Cloud Platforms TeamTNT, a recently uncovered hacking group, is weaponizing Weave Scope, a legitimate cloud monitoring tool, to help install cryptominers in cloud environments, according to reports from Intezer and Microsoft.

Cloud 299

Cloud 299

Data Breach Today

JANUARY 16, 2021

Researchers Find Groups Hiding JavaScript Skimmers and Phishing Pages Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers with RiskIQ.

Phishing 281

Phishing 281

Data Breach Today

JANUARY 20, 2021

FireEye Also Describes Hackers' Tools and Techniques Security firm FireEye has released a free auditing and remediation tool on GitHub that it says can help organizations determine if the hacking group that targeted SolarWinds used similar techniques within their network to gain access to Microsoft Office 365 accounts.

Access 263

Access Security IT 263

Data Breach Today

MAY 14, 2020

CISA Warns That Lazarus Group Has Added 3 New Tools A sophisticated hacking group associated with the North Korean government that's been tied to a number of high-profile attacks, including WannaCry, is using three new malware variants, according to the U.S.

Cybersecurity 301

Cybersecurity Government Security 301

Data Breach Today

APRIL 1, 2023

Tools, Code Used to Hack 3CX Desktop Confirm Cyberespionage Group's Involvement Security researchers have uncovered more evidence that the North Korean Lazarus group is responsible for the software supply chain attack on 3CX, a voice and video calling desktop client used by major multinational companies.

Security 144

Security 144

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

IT 129

IT Libraries Mining Security 129

Data Breach Today

DECEMBER 4, 2020

Microsoft: Bismuth APT Tries to Distract Targets From Spying Tools A hacking group recently deployed cryptocurrency miners within targeted victims' networks to distract security teams from their cyberespionage campaigns, Microsoft reports.

Security 251

Security 251

Security Affairs

SEPTEMBER 1, 2023

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom.

Ransomware 116

Ransomware Encryption Access Security 116

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, NSO GROUP)

IT 132

IT Government Security Information Security 132

Security Affairs

MARCH 16, 2024

North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. million from exchange HTX , which took place in November 2023, to the North Korea’s group.

Blockchain 129

Blockchain Cybersecurity IT Information Security 129

Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands.

Phishing 265

Phishing Retail IT Communications 265

Data Breach Today

OCTOBER 29, 2020

Turla' Recently Targeted a European Government Agency for Espionage Turla, a hacking group based in Russia, is deploying a revamped set of customized tools to target potential victims, including a European government agency, for its espionage campaigns, according to Accenture.

Government 210

Government IT 210

Security Affairs

DECEMBER 14, 2023

Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime group Storm-1152 to sell fraudulent Outlook accounts. Microsoft’s Digital Crimes Unit seized multiple domains used by a cybercrime group, tracked as Storm-1152, to sell fraudulent accounts. ” reads the announcement published by Microsoft.

Sales 122

Sales Ransomware Marketing IT 122

Data Breach Today

JULY 14, 2020

Amnesty International Accused Tech Company of Violating Human Rights An Israeli court has dismissed a petition filed by Amnesty International that sought to revoke the security export license of NSO Group, a tech firm that's been accused of selling hacking tools to governments for targeting dissidents, journalists and lawyers.

Government 223

Government Security 223

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

Ransomware 185

Ransomware Government Cybersecurity Blockchain 185

The Last Watchdog

MARCH 17, 2022

Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. Sophisticated tools were employed to auto generate content that compelled users to respond. According to Group-IB, the victims found themselves: “.in Humans needed.

Cybersecurity 213

Cybersecurity Artificial Intelligence Personal data Phishing 213

Dark Reading

SEPTEMBER 6, 2022

The threat actor — whose techniques and procedures do not match known groups — has created custom attack tools, including a program that hides scripts in.PNG images.

98

98

Data Breach Today

JULY 24, 2019

Hackers Create a Backdoor to Steal Card Data, Gigamon Researchers Report FIN8, a hacker group that targeted POS devices in the hospitality and retail sectors, is back on the scene with new malware, including the Badhatch backdoor that's designed to steal payment card data, according to researchers with Gigamon's threat detection unit.

Retail 164

Retail 164

Dark Reading

FEBRUARY 23, 2023

A previously unidentified threat group uses open source malware and phishing to conduct cyber-espionage on shipping and medical labs associated with COVID-19 treatments and vaccines.

Phishing 96

Phishing 96

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

Metadata 133

Metadata Encryption Communications Access 133

Data Breach Today

FEBRUARY 12, 2021

SunBird and HornBill Malicious Apps Mainly Target Users in South Asia Researchers at the security firm Lookout have identified two new Android spyware tools used for cyberespionage campaigns in South Asia which they say are linked to "Confucius," an pro-India advanced persistent threat group.

Security 176

Security 176

Security Affairs

JUNE 12, 2020

Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The group targeted government and military organizations in Ukraine. ” continues ESET.

Military 116

Military Phishing Government IT 116

Data Breach Today

FEBRUARY 29, 2024

Is Moscow using the Russian-speaking LockBit ransomware group as a tool to disrupt critical infrastructure and democracy in the West? While no publicly available evidence reveals direct ties, what are the chances that the prolific, trash-talking group has escaped authorities' attention - or demands?

Ransomware 284

Ransomware 284

Dark Reading

SEPTEMBER 1, 2023

Researchers crack Key Group's ransomware encryption and release free tool for victim organizations to recover their data.

Ransomware 105

Ransomware Encryption 105

Data Breach Today

MAY 7, 2019

Symantec Report Deepens Mystery Around Lost NSA Tools and Exploits A Chinese hacking group was using exploits and tools developed by the NSA months before the tools were released by another group, Symantec says in a new report. s most effective cyberweapons were compromised.

199

199