#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Cyber Attack | Breaking Cybersecurity News | The Hacker News

Category — Cyber Attack
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Oct 30, 2024 Ransomware / Threat Intelligence
Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces , which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly. "We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group," Palo Alto Networks Unit 42 said in a new report published today. "This incident is significant because it marks the first recorded collaboration between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware network." Andariel, active since at least 2009, is affiliated with North Korea's Reconnaissance General Bureau (RGB). It has been previously observed deploying
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

Oct 28, 2024 Cloud Security / Cyber Attack
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said . "Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda's signature malware framework." The use of the .NET-based malware tool, per the Slovak cybersecurity company, was detected between May 2022 and February 2023. It incorporates 10 different modules, written in C#, out of which three are meant for stealing data from Google Drive, Gmail, and Outlook. The purpose of the remaining modules remains unknown. Evasive Panda, also tracked as Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that has a track record of striking various entitie
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Oct 23, 2024Identity Security / Data Protection
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey conducted o
CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

Oct 26, 2024 Cyber Attack / Threat Intelligence
The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said . "These emails contain attachments in the form of Remote Desktop Protocol ('.rdp') configuration files." Once executed, the RDP files establish a connection with a remote server, enabling the threat actors to gain remote access to the compromised hosts, steal data, and plant additional malware for follow-on attacks. Infrastructure preparation for the activity is believed to have been underway since at least August 2024, with the agency stating that it's likely to spill out of Ukraine to target other countries. CERT-UA has attributed the campaign to a threat actor it tracks as UAC-0215. Amazon Web Services (AWS), in an advisory of its own
cyber security

How To Comply With The Cyber Insurance MFA Checklist

websiteSilverfortCyber Insurance / Authentication
Learn how to comply with the checklist of resources requiring MFA coverage in cyber insurance policies.
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Oct 24, 2024 Vulnerability / Cyber Attack
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the zero-day exploit simply upon visiting a fake game website ("detankzone[.]com") that was aimed at individuals in the cryptocurrency sector. The campaign is estimated to have commenced in February 2024. "On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version," Kaspersky researchers Boris Larin and Vasily Berdnikov said . "But that was just a disguise. Under the hood, this website had a hid
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Oct 21, 2024 Cybersecurity / Weekly Recap
Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle. For you, staying protected means keeping your devices and apps up to date. In this newsletter, we'll break down the top stories. Whether you're protecting personal data or managing security for a business, we've got tips to help you stay safe. Let's get started! ⚡ Threat of the Week China Calls Volt Typhoon an Invention of the U.S. : China's National Computer Virus Emergency Response Center (CVERC) has claimed that the threat actor tracked Volt Typhoon is an invention of U.S. intelligence agencies and their allies. It also accused the U.S. of carrying out false flag operations in
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

Oct 19, 2024 Network Security / Data Breach
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others," Kaspersky said . "As the final payload, the group used the well-known ransomware LockBit 3.0 and Babuk." Victims of the malicious attacks span government agencies, as well as mining, energy, finance, and retail companies located in Russia. The Russian cybersecurity vendor said it was able to pinpoint the initial intrusion vector in only two instances, with the threat actors leveraging a contractor's login credentials to connect to the internal systems via VPN. The VPN connections are said to have originated from IP addresses associated with a Russian hosting provider'
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

Oct 17, 2024 Threat Intelligence / Malware
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This version is loaded directly from the registry into memory and uses a loopback address to communicate with its loader," security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura noted . RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-motivational operations such as ransomware, extortion, and targeted credential gathering since its emergence in 2022. It's been assessed that the operational tempo of their attacks has increased in recent months with an aim to set up long-term persisten
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

Oct 17, 2024 Malware / Cyber Espionage
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder , which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "The group may be perceived as a low-skilled actor due to the use of public exploits, malicious LNK files and scripts as infection vectors, and the use of public RATs, but their true capabilities only become apparent when you carefully examine the details of their operations," Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov said . Targets of the attacks include government and military entities, logistics, infrastructure and telecommunications companies, financial institutions, universities, and oil trading companies located in Bangladesh, Djibouti, Jordan, Malaysia, the
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Oct 16, 2024 Cyber Attack / Banking Trojan
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. "The malicious emails often impersonate official tax documents, using the urgency of personal income tax filings to trick users into downloading the malware." The cybersecurity company is tracking the threat activity cluster under the name Water Makara. It's worth pointing out that Google's Threat Analysis Group (TAG) has assigned the moniker PINEAPPLE to a similar intrusion set that delivers the same malware to Brazilian users. Both these campaigns share a point of commonality in that they commence with phishing messages that impersonate official entities su
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Oct 15, 2024 Malware / Cybercrime
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. "DarkVision RAT communicates with its command-and-control (C2) server using a custom network protocol via sockets," security researcher Muhammed Irfan V A said in an analysis. "DarkVision RAT supports a wide range of commands and plugins that enable additional capabilities such as keylogging, remote access, password theft, audio recording, and screen captures." PureCrypter, first publicly disclosed in 2022, is an off-the-shelf malware loader that's available for sale on a subscription basis, offering customers the ability to distribute information stealers, RATs, and ransomware. The exact initial access vector used to deliver PureCrypter and, by extensio
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

Oct 15, 2024 National Security / Cyber Attack
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of conducting cyber espionage activities against China, France, Germany, Japan, and internet users globally. It also said there's "ironclad evidence" indicating that the U.S. carries out false flag operations in an attempt to conceal its own malicious cyber attacks, adding it's inventing the "so-called danger of Chinese cyber attacks" and that it has established a "large-scale global internet surveillance network." "And the fact that the U.S. adopted supply chain attacks, implanted backdoors in internet products and 'pre-positioned' has completely
THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Oct 14, 2024 Recap / Cybersecurity
Hey there, it's your weekly dose of " what the heck is going on in cybersecurity land " – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet GoldenJackal, the hacking crew you've probably never heard of – but should definitely know about now. They're busting into super-secure, air-gapped computer systems with sneaky worms spread through infected USB drives (yes, really!), proving that even the most isolated networks aren't safe. ESET researchers caught them red-handed using two different custom-made tools to target high-profile victims, including a South Asian embassy in Belarus and a European Union government organization. 🔔 Top News Mozilla Patches Firefox 0-Day: Mozilla patched a
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

Oct 09, 2024 Phishing Attack / Malware
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240 contacts software developers through job search platforms by posing as a prospective employer," Unit 42 said in a new report. "The attackers invite the victim to participate in an online interview, where the threat actor attempts to convince the victim to download and install malware." The first stage of infection involves the BeaverTail downloader and information stealer that's designed for targeting both Windows and Apple macOS platforms. The malware acts as a conduit for the Python-based InvisibleFerret backdoor. There is evidence to suggest that the activity
Expert Insights / Articles Videos
Cybersecurity Resources