Intelligence

Pierluigi Paganini July 28, 2023
Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor

Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29, Cloaked Ursa, and Midnight Blizzard, Nobelium) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor […]

Pierluigi Paganini July 27, 2023
GROUP-IB Co-Founder ILYA SACHKOV SENTENCED TO 14 YEARS IN A STRICT PRISON COLONY

Ilya Sachkov, former CEO and co-founder of Group-IB was sentenced to 14 years in a high security prison colony according to the Moscow court announcement. As per the announcement from the Moscow court, Ilya Sachkov, the former CEO and co-founder of Group-IB, has been sentenced to 14 years in a high-security prison colony. Sachkov listened […]

Pierluigi Paganini July 21, 2023
Experts believe North Korea behind JumpCloud supply chain attack

SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across various systems and applications. […]

Pierluigi Paganini July 19, 2023
Ukraine’s cyber police dismantled a massive bot farm spreading propaganda

The Cyber ​​Police Department of the National Police of Ukraine dismantled a massive bot farm and seized 150,000 SIM cards. A gang of more than 100 individuals used fake social network accounts to conduct disinformation and psychological operations in support of the Russian government and its narrative on the invasion of Ukraine. The gang used […]

Pierluigi Paganini July 19, 2023
US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

The U.S. government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. The Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems. The Entity List maintained […]

Pierluigi Paganini July 15, 2023
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise. Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) use to steal data from victims’ networks in less than an hour after the initial compromise. Gamaredon has […]

Pierluigi Paganini July 13, 2023
Chinese hackers compromised emails of U.S. Government agencies

Chinese hackers have compromised the emails of an unnamed US Federal Civilian Executive Branch (FCEB) agency. In Mid-June a malicious email activity was reported by an unnamed US Federal Civilian Executive Branch (FCEB) agency. Microsoft experts who investigated the suspicious activity discovered that China-linked threat actors have targeted the agency as part of a cyberespionage […]

Pierluigi Paganini July 12, 2023
Microsoft mitigated an attack by Chinese threat actor Storm-0558

Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, […]

Pierluigi Paganini July 10, 2023
RomCom RAT attackers target groups supporting NATO membership of Ukraine

Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT. On July 4, the BlackBerry Threat Research and Intelligence team uncovered a spear phishing campaign aimed at an organization supporting Ukraine abroad. The researchers discovered two lure documents submitted from an IP address in Hungary, both targeting upcoming NATO Summit guests who […]

Pierluigi Paganini July 08, 2023
Iran-linked APT TA453 targets Windows and macOS systems

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. TA453 is a nation-state actor that overlaps with activity tracked as Charming Kitten, PHOSPHORUS, and APT42. TA453 in May 2023 started […]