Medusa group steps up ransomware activities
A fast rising ransomware outfit is escalating its activities and has launched a new blog offering victims a variety of payoff options, according to a report released Thursday by Palo Alto Networks’ Unit 42. The new Medusa Blog is used by the group to post stolen data with the threat of exposing the data if…
Turkish APT ‘Sea Turtle’ Resurfaces to Spy on Kurdish Opposition
A group aligned with the interests of the government of Turkey has been turning up its politically motivated cyber espionage lately, targeting Kurdish opposition groups through high-value supply chain targets in Europe, the Middle East, and North Africa. Following some years out of the limelight, Sea Turtle (aka Teal Kurma, Marbled Dust, Silicon, or Cosmic…
North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught
The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed “SpectralBlur.” The custom tool is the latest in a string of proprietary malware that the advanced persistent threat (APT) group has been consistently generating — a trait that sets it apart from other DPRK-sponsored…
Hacked Mandiant X Account Abused for Cryptocurrency Theft
The account of Mandiant, which is part of Google Cloud, was renamed to ‘Phantom’ and its profile image and description were updated to appear affiliated with the legitimate Phantom cryptocurrency wallet. Messages posted on the hijacked account promoted a website hosted at claim-phntm.com, which claimed to distribute cryptocurrency tokens through an airdrop. In reality, the…
Microsoft disables online Windows App Installer after attackers abuse it
Microsoft has disabled the App Installer functionality that allowed Windows 10 apps to be installed directly from a web page by clicking on a link that used the ms-appinstaller URI scheme. This functionality has been heavily abused in recent months by different threat actors to deploy ransomware and other malicious implants. “Threat actors have likely…
Cyberattackers Target Nuclear Waste Company via LinkedIn
Last week, a group of hackers targeted Radioactive Waste Management (RWM), a UK government-owned company behind the country’s multibllion-dollar Geological Disposal Facility (GDF) nuclear waste-storage project, using social engineering and LinkedIn. RWM merged last year with two other companies to create Nuclear Waste Services (NWS), which also administers the Low Level Waste Repository in Cumbria,…
New Rugmi Malware Loader Surges with Hundreds of Daily Detections
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. “This malware is a loader with three types of components: a downloader…
Chameleon Android Malware Can Bypass Biometric Security
Active since early 2023, the malware initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy. When initially uncovered, ThreatFabric explains, Chameleon used multiple loggers, had limited malicious functionality, and contained various unused commands, suggesting that it was still under development. Employing a proxy feature…
Chinese ‘Volt Typhoon’ hackers take aim at US critical infrastructure
Hackers allegedly connected to the People’s Liberation Army in China are responsible for a series of recent attacks on critical infrastructure in the USA, according to a report first published in the Washington Post. The attacks on tens of sensitive sites were on locations of extreme importance. Locations such as Hawaii, Guam, the West Coast,…
BlackCat Ransomware ‘Unseizing’ a Dark Web Stunt
The BlackCat ransomware-as-a-service operation’s putative “unseizing” of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stunt was a “tactical error” that could alienate affiliates. U.S. authorities as part of an international law enforcement operation announced Monday morning that they…
