OPSEC | Breaking Cybersecurity News | The Hacker News

North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the  JumpCloud hack  following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already being monitored as Jade Sleet and TraderTraitor, a group with a history of striking blockchain and cryptocurrency sectors. UNC4899 also overlaps with  APT43 , another hacking crew associated with the Democratic People's Republic of Korea (DPRK) that was unmasked earlier this March as conducting a series of campaigns to gather intelligence and siphon cryptocurrency from targeted companies. The adversarial collective's modus operandi is characterized by the use of Operational Relay Boxes ( ORBs ) using L2TP IPsec tunnels along with commercial VPN providers to disguise the attacker's

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed  UNC1945 . The intrusions staged by the actor involve "a high degree of OPSEC and leverage both public and private malware, utilities, and scripts to remove evidence and hinder response efforts," Mandiant researchers  said  in a new report published this week. Even more concerningly, the attacks spanned several years in some cases, during the entirety of which the actor remained undetected by taking advantage of a rootkit called CAKETAP, whic is designed to c