#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cyber espionage | Breaking Cybersecurity News | The Hacker News

South Korean Citizen Detained in Russia on Cyber Espionage Charges

South Korean Citizen Detained in Russia on Cyber Espionage Charges

Mar 12, 2024 Cyber Espionage / Threat
Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation. The development was  first reported  by Russian news agency TASS. "During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court order," an unnamed source was quoted as saying. Won-soon has been accused of handing over classified "top secret" information to unnamed foreign intelligence agencies. According to the agency, Won-soon was detained in Vladivostok earlier this year and shifted to Moscow late last month. He is said to be currently at the Lefortovo pretrial detention center. His arrest has been extended for another three months, until June 15, 2024. The  detention center  is currently also the  place  where American journalist Evan Gershkovich is  being held , awaiting trial on suspicion of espionage. Gershkovich ha
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Mar 09, 2024 Cyber Attack / Threat Intelligence
Microsoft on Friday revealed that the Kremlin-backed threat actor known as  Midnight Blizzard  (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a  hack that came to light  in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," the tech giant  said . "This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised." Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email. It, however, did not disclose what the
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

Mar 07, 2024 Cyber Espionage / Software Security
The China-linked threat actor known as  Evasive Panda  orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor. The findings come from ESET, which said the attackers compromised at least three websites to carry out watering-hole attacks as well as a supply-chain compromise of a Tibetan software company. The operation was discovered in January 2024. Evasive Panda, active since 2012 and also known as Bronze Highland and Daggerfly, was  previously disclosed  by the Slovak cybersecurity firm in April 2023 as having targeted an international non-governmental organization (NGO) in Mainland China with MgBot. Another report from Broadcom-owned Symantec around the same time  implicated  the adversary to a cyber espionage campaign aimed at infil
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists

U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists

Mar 06, 2024 Privacy / Spyware
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and policy experts in the country. "The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the agency  said . "The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes." The Intellexa Alliance is a consortium of several companies, including Cytrox, linked to a mercenary spyware solution called Predator . In July 2023, the U.S. government  added  Cytrox and Intellexa, a
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events

New Backdoor Targeting European Officials Linked to Indian Diplomatic Events

Feb 29, 2024 Cyber Espionage / Malware
A previously undocumented threat actor dubbed  SPIKEDWINE  has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER . The adversary, according to a  report  from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting event on February 2, 2024. The  PDF document  was uploaded to VirusTotal from Latvia on January 30, 2024. That said, there is evidence to suggest that this campaign may have been active at least since July 6, 2023, going by the discovery of  another similar PDF file  uploaded from the same country. "The attack is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed in the malware and command-and-control (C2) infrastructure," security researchers Sudeep Singh and Roy Tay said. Central to the novel attack is the PDF file that comes embedded with a malicious
Cybersecurity Resources