Microsoft Entra | Breaking Cybersecurity News | The Hacker News

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives, including those in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors in Europe and North America. "They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations," the Microsoft Threat Intelligence team said in a report published today. "Once inside, they steal large amounts of emails and files." Attacks mounted by Void Blizzard have been found to disproportionately single out NATO member states and Ukraine, suggesting that the adversary is looking to ...

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems," security researchers Matt Muir and Frederic Baguelin said . The end goal of the campaign is to drop a Go-based primary payload that's responsible for unleashing an XMRig miner on compromised systems. The activity entails using a bespoke scanner to identify publicly accessible Redis servers across the internet and then issuing an INFO command to determine if the instances are running on a Linux host. If it's found to be the case, the scanning algorithm proceeds to abuse Redis's SET command to inject a cron job. The malware then uses the CONFIG command to change the Redi...