#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Hacktivism | Breaking Cybersecurity News | The Hacker News

Category — Hacktivism
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Sep 05, 2024 Cyber Threat / Malware
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack , which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed by French developer Emeric Nasi. The cybersecurity company said it found artifacts uploaded to VirusTotal from China, Pakistan, Russia, and the U.S. that were all generated by MacroPack and used to deliver various payloads such as Havoc, Brute Ratel , and a new variant of PhantomCore , a remote access trojan (RAT) attributed to a hacktivist group named Head Mare. "A common feature in all the malicious documents we dissected that caught our attention is the existence of four non-malicious VBA subroutines," Talos researcher Vanja Svajcer said . "These subroutines appeared
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Sep 03, 2024 Ransomware / Malware
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which allows the attacker to execute arbitrary code on the system via a specially prepared archive. This approach allows the group to deliver and disguise the malicious payload more effectively." Head Mare, active since 2023, is one of the hacktivist groups attacking Russian organizations in the context of the Russo-Ukrainian conflict that began a year before. It also maintains a presence on X , where it has leaked sensitive information and internal documentation from victims. Targets of the group's attacks include governments, transportation, energy, manufacturing,
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

Aug 30, 2024ICS Security / OT Security
A comprehensive guide authored by Dean Parsons, SANS Certified Instructor and CEO / Principal Consultant of ICS Defense Force, emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its essential new strategy guide, " ICS Is the Business: Why Securing ICS/OT Environments Is Business-Critical in 2024 ." Authored by Dean Parsons, CEO of ICS Defense Force and a SANS Certified Instructor, this guide offers a comprehensive analysis of the rapidly evolving threat landscape and provides critical steps that organizations must take to safeguard their operations and ensure public safety. As cyber threats grow in both frequency and sophistication, this guide is an indispensable resource for securing the vital systems that underpin our world. Key Insights from t
Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Aug 26, 2024 Data Security / Compliance
Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed sensitive information, including: details about unreleased projects, computer code, login details and passwords, and Intellectual Property (IP) and corporate secrets. Slack breaches have also impacted companies like Uber, Rockstar, and Electronic Arts (EA). Cisco Webex used by the German Bundeswehr leaked data from hundreds of meetings, some classified. Outlook was breached by Chinese hackers last year. We have nothing against any of the tools above. They are all great collaboration tools. However, just like companies don't allow developers to use just any old tool to push code to p
cyber security

Infostealers: How Attackers Are Stealing Your Cookies and Bypassing MFA

websitePush SecuritySaaS Security / Offensive Security
Join our webinar for a live demo of infostealer tools, showcasing session cookie theft and session hijacking to compromise MFA-protected M365 accounts and downstream SaaS apps.
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

May 04, 2024 Cyber Espionage / Network Security
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as  APT28 , drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed entities in the country have been attacked using a security flaw in Microsoft Outlook that came to light early last year. "Cyber attacks targeting political entities, state institutions and critical infrastructure are not only a threat to national security, but also disrupt the democratic processes on which our free society is based," the MFA  said . The security flaw in question is  CVE-2023-23397 , a now-patched critical privilege escalation bug in Outlook that could allow an adversary to access Net-NTLMv2 hashes and then use them to authenticate themselves by means of a relay attack. G
A New Age of Hacktivism

A New Age of Hacktivism

Feb 22, 2024 Hacktivism / Information Warfare
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joining existing hacker collectives.  We understand hacktivism as a form of computer hacking that is done to further the goals of political or social  activism 1 . While  activism  describes a normal, non-disruptive use of the Internet in order to support a specific cause (online petitions, fundraising, coordinating activities),  hacktivism  includes operations that use hacking techniques with the intent to disrupt but not to cause serious harm (e.g., data theft, website defacements, redirects, Denial-of-Service attacks). Cyber operations that inherit a willingness or intent to cause harm to physical property, severe economic damage or loss of life would be referred to as  cyberterrorism, 2, 3  Th
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator

Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator

Dec 13, 2023 Cyber Attack / Geopolitics
Ukraine's biggest telecom operator Kyivstar has  become  the victim of a " powerful hacker attack ," disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues to restore connectivity," NetBlocks  said  in a series of posts on X (formerly Twitter). Kyivstar, which is owned by Dutch-domiciled multinational telecommunication services company VEON,  serves  nearly 25 million mobile subscribers and more than 1 million home internet customers. The company said the attack was "a result of" the war with Russia and that it has notified law enforcement and special state services. While Kyivstar is working to restore the services, the internet watchdog noted that the telco is largely offline. That said, Kyivstar has yet t
U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown

U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown

Nov 06, 2023
The U.S. Department of the Treasury imposed sanctions against a 37-year-old Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group. Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial markets and circumvent international sanctions. "Zhdanova utilizes entities that lack Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) controls, such as OFAC-designated Russian cryptocurrency exchange Garantex Europe OU (Garantex)," the treasury department  said  last week.  "Zhdanova relies on multiple methods of value transfer to move funds internationally. This includes the use of cash and leveraging connections to other international money laundering associates and organizations." It's worth noting that Garantex was  previously sanctioned
Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Mar 04, 2022
Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app to coordinate their activities, leak data, and spread disinformation, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has  found  that "user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group." Prominent among the groups are anti-Russian cyber attack groups, including the Ukraine government-backed IT Army, which has urged its more 270,000 members to conduct distributed denial-of-service (DDoS) attacks against Russian entities. Other hacktivist-oriented Telegram groups used to coordinate the attacks on Russian targets via DDoS, SMS or call-based attacks are Anna_ and Mark_, Check Point researchers noted. That said, there may be more to these attacks than meets the eye. "It seems that many of the hacktivist groups are more focused on building self-reputation and recei
PandaLabs Predicts Major Cybersecurity Trends for 2011

PandaLabs Predicts Major Cybersecurity Trends for 2011

Dec 23, 2010
PandaLabs, the antimalware laboratory of Panda Security, has predicted several major cybersecurity threats for 2011. These include hacktivism, cyber warfare, profit-driven malware, social engineering, and adaptive malicious codes. Additionally, there will be increased threats to Mac users, new attacks on 64-bit systems, and more zero-day exploits. Here is a summary of PandaLabs' top ten security trends for 2011: Malware Creation : In 2010, PandaLabs observed significant growth in malware, identifying 20 million new strains, more than in 2009. Currently, Panda's Collective Intelligence database contains over 60 million classified threats. Although the year-on-year growth rate has peaked, it was 50% in 2010, down from over 100% in previous years. Cyber Warfare : Incidents like Stuxnet and the WikiLeaks cables, which suggested Chinese government involvement in cyber-attacks on Google, marked a turning point in cyber conflicts. Stuxnet targeted uranium centrifuges in nuclear pla
Vigilance Urged After Anti-Islamist Group Members' Details Leaked Online

Vigilance Urged After Anti-Islamist Group Members' Details Leaked Online

Dec 20, 2010
A controversial anti-Islamist group has advised its members to stay vigilant following a leak of their details online. Hundreds of names and addresses linked to the English Defence League (EDL) were exposed after hackers breached one of the organization's websites. The group warned its members about potential reprisals and advised them to "remain extra vigilant regarding their home and personal safety." The security breach occurred last weekend when hackers accessed a clothing website connected to the EDL. The attackers, identifying themselves as the "Mujahideen Hacking Unit," obtained lists of individuals who had recently purchased items from the site or donated money to the group. The EDL has gained attention over the past year by organizing protests against what it terms the "Islamification" of Britain. Although the group claims it is neither racist nor anti-Muslim, opponents like United Against Fascism argue that the EDL's agenda is clearly I
Anonymous Claims Responsibility for Moneybookers Attack

Anonymous Claims Responsibility for Moneybookers Attack

Dec 16, 2010
Anonymous, a loosely affiliated group of Internet vigilantes, has claimed responsibility for various Internet attacks against organizations perceived as hostile to WikiLeaks. Today, the group sought to portray itself as more focused on symbolic protest rather than outright disruption. These claims come amid reports that the online payment site Moneybookers was taken offline by a distributed denial of service (DDoS) attack launched by Anonymous members. In a statement released today, Anonymous organizers contended that they are not a group of hackers but a "gathering" of average Internet citizens. "We do not want to steal your personal information or credit card numbers. We also do not seek to attack critical infrastructure of companies such as Mastercard, Visa, PayPal, or Amazon," the statement read. Instead, the focus has been on attacking corporate websites or the online "public face" of companies seen as anti-WikiLeaks. The group described these acti
Anonymous Launches Fax-Based Attack on WikiLeaks Opponents

Anonymous Launches Fax-Based Attack on WikiLeaks Opponents

Dec 14, 2010
"Operation Payback" is evolving, as attackers have initiated a fax-based campaign against companies that severed ties with WikiLeaks. Hacktivists from the group "Anonymous" are urging members to send faxes to Amazon, MasterCard, PayPal, Visa, Tableau Software, and Moneybookers. This action aims to create a fax-based version of denial-of-service attacks, according to Netcraft. Over the past few days, the group has launched distributed-denial-of-service (DDoS) attacks against websites of several companies and organizations, including MasterCard and Visa. Paul Mutton from Netcraft blogged, "This latest campaign by the Anonymous group is analogous to the distributed denial of service attacks it has been carrying out against websites over the past week. In essence, this has turned into a DDoS attack against fax machines. The group started the fax-attacks on Dec. 13 at 13:00 GMT and published a list of target fax numbers in their call to arms." "The Anon
Dutch Teens Arrested for Cyberattacks on Mastercard and Visa

Dutch Teens Arrested for Cyberattacks on Mastercard and Visa

Dec 14, 2010
A Dutch hacker collective called Revspace aims to "re-educate" Dutch teens suspected of cyberattacks against Mastercard, Visa, and the Dutch National Prosecutors Office, transforming them into "ethical hackers." Last week, Dutch police arrested a 16-year-old boy for participating in web attacks against MasterCard and Visa as part of a grassroots effort to support WikiLeaks. On Saturday, another teenager was arrested in Hoogezand-Sappemeer for admitting to flooding the website of the Dutch prosecutor. The 19-year-old, known online as Awinee, reportedly encouraged others to join the attack. The teen was released today. Martijn Gonlag, who admitted to using the tool, claimed he only wanted to test software and did not support Wikileaks. Both arrests were straightforward because the teenagers used LOIC (Low Orbit Ion Cannon), a tool that lacks security features like anonymization. The attackers' IP addresses were visible in all packets sent during the attacks, as
Anonymous Clarifies Its Identity and Mission in Recent Statement

Anonymous Clarifies Its Identity and Mission in Recent Statement

Dec 11, 2010
On December 10, 2010, Anonymous released a press statement to clarify its identity and objectives. Who is Anonymous? Anonymous, often misunderstood, is not a conventional group. Instead, it is an internet gathering without formal structure. Both Anonymous and the media acknowledge the perceived internal disagreements within the group. However, this does not imply a failure in their command structure. The decentralized nature of Anonymous is based on shared ideas rather than hierarchical directives. Unique in its form, Anonymous learns through trial and error. The collective is now working on better communication of core values to its members. They also aim to inform the public and media about their identity and principles. Contrary to popular belief, Anonymous is not a group of hackers. Members are average internet citizens driven by frustration over daily injustices. They do not seek to steal personal information or credit card details, nor do they intend to attack critical infras
Anonymous Targets WikiLeaks Critics in Operation Payback Campaign

Anonymous Targets WikiLeaks Critics in Operation Payback Campaign

Dec 11, 2010
Do you support WikiLeaks? Are you angry at critics trying to suppress it? Maybe you're considering joining online protests to shut down the websites of its opponents. Don't. A group of vigilantes named Anonymous has turned their Operation Payback campaign, previously targeting antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The fallout from WikiLeaks has reached a fever pitch since the site began releasing diplomatic cables last month, causing embarrassment for U.S. diplomatic efforts. Launching denial-of-service (DOS) attacks against target websites to send a message and disrupt their operations is the modern-day equivalent of walking the picket line with a sign. However, the electronic version is illegal. "Participating in a botnet with the intention of shutting down a website violates the Computer Fraud and Abuse Act,"
Expert Insights
Cybersecurity Resources