Cyber Attacks

Critical Supply Chain Attack Hits Ethereum Development Platform Hardhat

In a concerning turn for the Ethereum developer community, a sophisticated supply chain attack has compromised the Hardhat development environment, maintained by the Nomic Foundation. This breach, explained by Socket, leverages malicious npm packages; it has exposed sensitive data, including private keys and mnemonics, and highlighted critical vulnerabilities in the open-source ecosystem.

The Attack in Detail [...]

CyberSpecta
APT41 Targets Shipping, Logistics Across Europe and Asia

APT41, a China-based cyber threat group, has been linked to an extensive campaign targeting multiple sectors worldwide. This campaign has particularly affected global shipping and logistics organizations, media and entertainment, technology, and automotive sectors across Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. The group’s activities, blending state-sponsored espionage with financially motivated operations, showcase its [...]

Kinsing's Cloud Onslaught: Exploiting Recent Linux Flaw for Breaches

In a recent breakthrough, researchers from Aqua Nautilus have successfully intercepted Kinsing's experimental incursions into cloud environments, shedding light on the threat actor's manual efforts to exploit the Looney Tunables vulnerability (CVE-2023-4911). This marks a pivotal moment in cybersecurity as the first documented instance of Kinsing deviating from its typical fully automated attacks to manually [...]

OilRig Cyber Espionage Campaigns Target Israeli Organizations

In recent years, Israeli organizations have been the primary targets of cyber espionage campaigns orchestrated by the Iranian nation-state actor known as OilRig. These campaigns, named Outer Space (2021) and Juicy Mix (2022), have revealed the group's persistent focus on gathering sensitive information from Israeli entities. Analysis by ESET sheds light on the details of [...]

OPSEC Mistake Reveals North Korean Hackers in JumpCloud Breach

A significant cybersecurity breach at JumpCloud is attributed to a hacking unit affiliated with North Korea's Reconnaissance General Bureau (RGB). The group, UNC4899, has a history of targeting cryptocurrency companies and stealing passwords from executives and security teams to fund North Korea's nuclear weapons program. This article provides a detailed analysis of the breach, the [...]

North Korean Hackers Behind Supply-Chain Attack on JumpCloud

Recent reports have revealed that North Korean state-sponsored hackers, known for their cybercriminal activities and involvement in cryptocurrency heists, were behind a breach of the software business JumpCloud. The attack was part of an attempted supply-chain intrusion aimed at cryptocurrency companies.

The JumpCloud Breach and Attribution

JumpCloud, a US-based enterprise software company, recently disclosed that [...]

Russian Hacker Group Turla Targets Ukrainian Defense Sector with Advanced Spyware

The Ukrainian defense forces are facing a new cyber threat from the notorious Russian hacking group Turla, also known as Waterbug, Venomous Bear, and Secret Blizzard. Recent research conducted by Ukraine's Computer Emergency Response Team (CERT-UA) and Microsoft's Threat Intelligence team has uncovered Turla's use of sophisticated spyware, including Capibar and Kazuar, to infiltrate defense [...]

Evolving Tactics of Chinese Cyber Espionage: Maximizing Stealth and Evading Detection

Chinese cyber espionage activities have evolved significantly in recent years, with threat actors employing advanced techniques to avoid detection and complicate attribution. Mandiant has recently disclosed these evolving tactics, focusing on exploiting zero-day vulnerabilities in security, networking, and virtualization software. Additionally, Chinese threat actors have increasingly targeted routers and utilized botnets to relay and disguise [...]

JumpCloud Says They Faced Breach by State-Backed Hackers

Identity and access management firm JumpCloud recently disclosed a security incident in which a nation-state hacking group breached its systems. As a precaution, the company reset customers' API keys and actively addressed the ongoing security incident. This breach specifically targeted a select group of customers and has raised concerns about the evolving cybersecurity landscape. The [...]

Surge in USB-Based Cyber Espionage Campaigns Raises Security Concerns

In the first half of 2023, cybersecurity experts have witnessed a significant increase in cyber attacks utilizing infected USB drives as an initial access vector. This alarming trend, identified by Mandiant, highlights the growing threat posed by USB-based campaigns targeting both public and private sector organizations worldwide. There are two prominent malware campaigns, SOGU and [...]

Revolut Faces $20 Million Theft in Flawed US Payment System

Revolut, a prominent fintech company, experienced a significant security breach in its US payment system, resulting in criminals stealing more than $20 million over several months in 2022. The incident has been reported by Financial Times (FT), but Revolut hasn’t publicly disclosed the incident yet. The incident has further exacerbated the challenges faced by Revolut, [...]
