#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Cyber Attack | Breaking Cybersecurity News | The Hacker News

Category — Cyber Attack
Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

Feb 14, 2025 Enterprise Security / Cyber Attack
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.  The threat actor, assessed with medium confidence to be aligned with Russian interests, victimology, and tradecraft, has been observed targeting users via messaging apps like WhatsApp, Signal, and Microsoft Teams by falsely claiming to be a prominent person relevant to the target in an attempt to build trust. "The attacks use a specific phishing technique called 'device code phishing' that tricks users to log into productivity apps while Storm-2372 actors capture the information from the log in (tokens) that they can us...
Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

Feb 11, 2025 IoT Security / Cloud Security
Gcore's latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period's findings emphasize the need for robust, adaptive DDoS mitigation as attacks become more precise and frequent. Let's dive into the numbers. Key takeaways: the future of DDoS defense Here are the four key takeaways from Gcore Radar: DDoS attacks are increasing in volume and sophistication. The 17% growth in total attacks and new peak volume of 2 Tbps highlight the need for advanced protection. Financial services face growing risks. With a 117% increase in attacks, this sector requires heightened security measures. Shorter, high-intensity attacks are now the norm. Traditional mitigation approaches must adapt to rapid burst attacks that can evad...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

Feb 11, 2025 Malware / Cyber Attack
Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download files, and launch and execute malicious commands. Originally known as NetSupport Manager, it was developed as a legitimate remote IT support program, but has since been repurposed by malicious actors to target organizations and capture sensitive information, including screenshots, audio, video, and files. "ClickFix is a technique used by threat actors to inject a fake CAPTCHA webpage on compromised websites, instructing users to follow certain steps to copy and execute malicious PowerShell commands on their host to download and run malware payloads," eSentire said in an...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Learn how CUAs like OpenAI Operator can be used by attackers to automate account takeover and exploitation.
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Feb 06, 2025 Cyber Attack / Malware
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles within organizations—particularly in finance, accounting, and sales department — highlighting a strategic focus on high-value positions with access to sensitive data and systems," Morphisec researcher Shmuel Uzan said in a report published earlier this week. Early attack chains have been observed delivering ValleyRAT alongside other malware families such as Purple Fox and Gh0st RAT, the latter of which has been extensively used by various Chinese hacking groups . As recently as last month, counterfeit installers for legitimate software have served as a distribution mechanism for t...
E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries

E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia's Key Ministries

Jan 28, 2025 Cybersecurity / Cyber Espionage
The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the individuals are said to be responsible for cyber attacks against computer systems with the aim of collecting data from the data systems of multiple institutions with an aim to gain insights into the cyber security policy of Estonia. "The cyber-attacks granted attackers unauthorized access to classified information and sensitive data stored within several government ministries — including Economic Affairs and Communications, Social Affairs, and Foreign Affairs — leading to the theft of thousands of confidential documents," per the Council . This included business secrets, h...
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

Jan 23, 2025 Cybersecurity / National Security
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately," Acting Secretary Benjamine C. Huffman said in a January 20, 2025, memo. "Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." This includes members of the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB), which last year issued a scathing report excoriating Microsoft for a "cascade" of avoidable errors that led to its infrastructure being abused by a China-based nation-st...
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

Jan 21, 2025 Cyber Attack / Windows Security
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing page that's designed to encourage victims to download a malicious Microsoft Installer (MSI) package disguised as legitimate software.  Once executed, the installer deploys a benign application to avoid arousing suspicion, while also stealthily extracting an encrypted archive containing the malware payload. "The MSI package uses the Windows Installer's CustomAction feature, enabling it to execute malicious code, including running an embedded malicious DLL that decrypts the archive (all.zip) using a hardcoded password 'hello202411' to extract the core malware components,...
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

Jan 20, 2025 Android / Malware
The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the user interface. "Although the app is supposed to function as a chat application, it does not work once installed, shutting down after the necessary permissions are granted," Cyfirma noted in a Friday analysis. "The app's name suggests that it is designed to target specific individuals or groups both inside and outside the country." DoNot Team, also tracked as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to be of Indian origin, with historical attacks leveraging spear-phishing emails and Android malware families to...
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

Jan 18, 2025 Cyber Espionage / Telecom Security
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent targeting of Treasury's information technology (IT) systems, as well as sensitive U.S. critical infrastructure," the Treasury said in a press release. The sanctions target Yin Kecheng, who is assessed to have been a cyber actor for over a decade and affiliated with China's Ministry of State Security (MSS). Kecheng, per the Treasury, was associated with the breach of its own network that came to light earlier this month. The incident involved a hack of BeyondTrust's systems that allowed the threat actors to infiltrate some of the company's Remote Support SaaS inst...
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns

RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns

Jan 10, 2025 Cyber Espionage / Cyber Attack
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an Association of Southeast Asian Nations (ASEAN) meeting," Recorded Future's Insikt Group said in a new analysis. It's believed that the threat actor compromised the Mongolian Ministry of Defense in August 2024 and the Communist Party of Vietnam in November 2024. It's also said to have targeted various victims in Malaysia, Japan, the United States, Ethiopia, Brazil, Australia, and India from September to December 2024. RedDelta, active since at least 2012, is the moniker assigned to a state-sponsored threat actor from China. It's also tracked by the cybersecurity co...
Top 5 Malware Threats to Prepare Against in 2025

Top 5 Malware Threats to Prepare Against in 2025

Jan 08, 2025 Malware Analysis / Threat Intelligence
2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter right now. Lumma Lumma is a widely available malware designed to steal sensitive information. It has been openly sold on the Dark Web since 2022. This malware can effectively collect and exfiltrate data from targeted applications, including login credentials, financial information, and personal details. Lumma is regularly updated to enhance its capabilities. It can log detailed information from compromised systems, such as browsing history and cryptocurrency wallet data. It can be used to install other malicious software on infected devices. In 2024, Lumma was distributed through various methods...
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

Jan 07, 2025 Critical Infrastructure / Cyber Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. "The security of federal systems and the data they protect is of critical importance to our national security," CISA said . "We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate." The latest statement comes a week after the Treasury Department said it was the victim of a "major cybersecurity incident" that allowed Chinese state-sponsored threat actors to remotely access some computers and unclassified documents. The cyber attack, which came to light in early December 2024, involved a breach of BeyondTrust's systems that allowed the adversary to in...
Expert Insights / Articles Videos
Cybersecurity Resources