A recent incident in West Africa has once again brought attention to the persistent threat posed by the LockBit ransomware. Cybercriminals, armed with stolen administrator credentials, have deployed a customized variant of the encryption malware equipped with self-propagation capabilities. Exploiting privileged access, they breached corporate infrastructure, demonstrating the ongoing risk posed by the leaked LockBit […]
Apr 05, 2024 | Newsroom | Advanced Persistent Threat: Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google […]
A persistent social engineering threat faced by enterprises involves attackers trying to obtain login credentials for identity and access management (IAM), cloud resources or single sign-on (SSO)-enabled systems. If successful, these entry points can allow broader access to an organization, leaving the potential for data theft and ransomware. We’ve observed a significant surge in 2024 […]
Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked to cyber attacks against Myanmar […]
Dec 15, 2023 | Newsroom | Botnet / Advanced Persistent Threat: A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the […]
Nov 16, 2023 | Newsroom | Advanced Persistent Threat / Zero-Day: A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an “economically motivated” actor that first came to light in 2021. “DarkCasino […]
Australia faces a “persistent threat” from state-backed hackers, the country’s signals intelligence agency said Wednesday, highlighting the particular danger of Russian and Chinese cyberattacks on critical infrastructure. Australia has been hit by a string of high-profile hacks in the past 12 months, including one late last week that crippled major ports for three days. Without […]
The UK’s critical infrastructure (CNI) providers face a persistent and critical threat from emboldened state-backed and aligned actors, a leading UK cybersecurity agency has warned. The National Cyber Security Centre (NCSC), part of GCHQ, issued the warning in its Annual Review 2023. Over the past year it has repeatedly sounded the alarm over the activity […]
Since January 2023, an Iranian advanced persistent threat (APT) actor has been targeting higher education and technology organizations in Israel with wipers, cybersecurity firm Palo Alto Networks reports. Tracked as Agrius, but also known as Agonizing Serpens, BlackShadow, Pink Sandstorm, and DEV-0022, the APT has been active since at least 2020 and is believed to […]