Earth Hundun is a cyberespionage-motivated threat actor that has been active for several years in the Asia-Pacific region, targeting the technology and government sectors. The group has been known for employing several tools and techniques, including Waterbear, a malware entity that has had over 10 versions since 2009. Waterbear is known for its complexity, as […]
The threat actor TA547 has been observed targeting German organizations with the known stealer Rhadamanthys. According to a recent report from Proofpoint, this is the first time this threat actor has been associated with such activity. What’s particularly intriguing according to the researchers is the actor’s apparent employment of a PowerShell script likely generated by […]
Apr 11, 2024NewsroomEndpoint Security / Ransomware A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. “This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors,” Proofpoint said. “Additionally, […]
Artificial intelligence continues to be a big threat, but it’s also a huge promise in the world of cybersecurity. Today, one of the startups tackling both the opportunity and the challenge is announcing a major round of funding. Cyera has built an AI-based platform to help organizations understand the location and movement of all the […]
Apr 11, 2024NewsroomVulnerability / Threat Mitigation Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. “An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] […]
A new threat actor dubbed “Starry Addax” is targeting human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause in North Africa using a novel mobile malware named “FlexStarling.” Starry Addax’s modus operandi involves conducting phishing attacks, enticing victims into installing malicious Android apps that are disguised as legitimate tools. The apps impersonate […]
Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files. These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data loss prevention, and SIEMs, by hiding downloads as less suspicious access and sync […]
A recent research study has shed light on the decade-long activities of a Romanian cyber threat group known as RUBYCARP, which uses techniques such as cryptocurrency mining and phishing. One of the key findings from the technical write-up, published by Sysdig today, is the group’s use of a script capable of simultaneously deploying multiple cryptocurrency […]
Apr 09, 2024NewsroomBotnet / Crypto Mining A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report […]