Tag: group
-
NSA warns that overlooked botnet technique threatens national security
by
in SecurityNewsUsed by nation-states and crime groups, fast flux bypasses many common defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/
-
Hunters International Dumps Ransomware, Goes Full-on Extortion
by
in SecurityNewsHunters International, the RaaS group that some believe evolved from Hive, appears to be rebranding and shifting operations, moving away from an unprofitable and risky ransomware business and focusing solely on exfiltrating data and extorting victims, say Group-IB researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/hunters-international-dumps-ransomware-goes-full-on-extortion/
-
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
by
in SecurityNewsShifting to a RaaS business model has accelerated the group’s growth, and targeting critical industries like healthcare, legal, and manufacturing hasn’t hurt either. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/medusa-momentum-ransomware-as-a-service-pivot
-
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
-
China-Linked Threat Group Exploits Ivanti Bug
The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug
-
China-backed espionage group hits Ivanti customers again
by
in SecurityNewsUNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/
-
China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March
by
in SecurityNews
Tags: china, exploit, flaw, group, ivanti, remote-code-execution, threat, update, vulnerability, zero-dayIvanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The vulnerability has been exploited by a China-linked threat actor since at least mid-March 2025. Ivanti did not disclose…
-
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
by
in SecurityNewsA suspected Chinese APT group has exploited CVE-2025-22457 a buffer overflow bug that was previously thought not to be exploitable to compromise appliances … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/
-
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
by
in SecurityNews
Tags: attack, computer, cyber, cyberattack, data, government, group, hacker, malware, powershell, tool, ukraineIn a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware tool named WRECKSTEEL to infiltrate computers and extract sensitive data. The primary targets include government…
-
Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
by
in SecurityNewsHunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware, has been linked to widespread attacks targeting Windows, Linux, FreeBSD, SunOS, and ESXi systems. Emerging in October 2023, the group has gained notoriety for its sophisticated techniques in data exfiltration and extortion. Cybersecurity researchers have noted similarities between Hunters International’s…
-
Qilin Operators Imitate ScreenConnect Login Page to Deploy Ransomware and Gain Admin Access
by
in SecurityNews
Tags: access, attack, cyber, cyberattack, exploit, group, login, monitoring, msp, phishing, ransomware, service, sophos, threatIn a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January 2025, highlights the growing sophistication of phishing campaigns targeting MSPs to exploit downstream customers. Sophos’…
-
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
by
in SecurityNews
Tags: attack, computer, cyber, cyberattack, data, government, group, hacker, malware, powershell, tool, ukraineIn a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware tool named WRECKSTEEL to infiltrate computers and extract sensitive data. The primary targets include government…
-
Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
by
in SecurityNewsHunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware, has been linked to widespread attacks targeting Windows, Linux, FreeBSD, SunOS, and ESXi systems. Emerging in October 2023, the group has gained notoriety for its sophisticated techniques in data exfiltration and extortion. Cybersecurity researchers have noted similarities between Hunters International’s…
-
Qilin Operators Imitate ScreenConnect Login Page to Deploy Ransomware and Gain Admin Access
by
in SecurityNews
Tags: access, attack, cyber, cyberattack, exploit, group, login, monitoring, msp, phishing, ransomware, service, sophos, threatIn a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January 2025, highlights the growing sophistication of phishing campaigns targeting MSPs to exploit downstream customers. Sophos’…
-
Hunters International Ransomware Gang Rebranding, Shifting Focus
by
in SecurityNewsThe notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunters-international-ransomware-gang-rebranding-shifting-focus/
-
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools
by
in SecurityNewsSeashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide. Associated with Russia’s Military Intelligence Unit 74455 (GRU), this group has been active since at least 2009, focusing on sectors such as energy, telecommunications, government, military, manufacturing, and retail. Their operations often involve long-term access…
-
DPRK IT Workers: A Global Threat Expanding in Scope and Scale
by
in SecurityNewsA recent report by Google Threat Intelligence Group (GTIG) reveals that the threat posed by Democratic People’s Republic First seen on securityonline.info Jump to article: securityonline.info/dprk-it-workers-a-global-threat-expanding-in-scope-and-scale/
-
New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows
by
in SecurityNewsFIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system…
-
Hacker Leaks 144GB of Royal Mail Group Data, Blames Supplier Spectos
Hacker leaks 144GB of sensitive Royal Mail Group data, including customer info and internal files, claiming access came via supplier Spectos. Investigation underway! First seen on hackread.com Jump to article: hackread.com/hacker-leaks-royal-mail-group-data-supplier-spectos/
-
Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack
by
in SecurityNewsA sophisticated malware campaign has compromised over 1,500 PostgreSQL servers, leveraging fileless techniques to deploy cryptomining payloads. The attack, identified by Wiz Threat Research and attributed to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances configured with weak or default credentials. The attackers utilize these vulnerabilities to execute XMRig-C3 cryptominers without leaving detectable…
-
Threat-informed defense for operational technology: Moving from information to action
by
in SecurityNews
Tags: access, ai, attack, automation, blueteam, cloud, control, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, finance, fortinet, framework, group, incident response, infrastructure, intelligence, law, malicious, malware, mitre, network, phishing, PurpleTeam, ransomware, RedTeam, resilience, risk, service, soar, strategy, tactics, technology, threat, tool, usaThe rise of cybercrime-as-a-service Today’s macro threat landscape is a flourishing ecosystem of cybercrime facilitated by crime-as-a-service (CaaS) models. Cybercriminal networks now operate like legitimate businesses, with specialized units dedicated to activities such as money laundering, malware development, and spear phishing. This ecosystem lowers the barrier to entry for cybercrime, enabling low-skilled adversaries to launch…
-
China’s FamousSparrow APT Hits Americas with SparrowDoor Malware
by
in SecurityNewsChina-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports. First seen on hackread.com Jump to article: hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/
-
North Korea IT Workers Expand Their Employment Across Europe To Infiltrate the Company Networks
by
in SecurityNewsNorth Korean IT workers have intensified their global operations, expanding their employment footprint across Europe to infiltrate corporate networks and generate revenue for the regime. According to the latest report by Google Threat Intelligence Group (GTIG), these workers pose as legitimate remote employees, leveraging advanced technical skills and deceptive tactics to gain access to sensitive…
-
Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
by
in SecurityNewsCybersecurity researchers have shed light on an “auto-propagating” cryptocurrency mining botnet called Outlaw (aka Dota) that’s known for targeting SSH servers with weak credentials.”Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems,” Elastic Security Labs said in a new analysis First…
-
Group-IB veröffentlicht neuen Hightech-Crime-Report: Europa unter Druck
by
in SecurityNewsDer Bericht liefert umfassende Einblicke in die globale und regionale Bedrohungslandschaft und basiert auf eigenen Forschungsergebnissen, realen Cyberermittlungen sowie Erkenntnissen des internationalen Netzwerks der Digital Crime Resistance Centers (DCRCs) von Group-IB. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/group-ib-veroeffentlicht-neuen-hightech-crime-report-europa-unter-druck/a40366/
-
10 best practices for vulnerability management according to CISOs
by
in SecurityNews
Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…