#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter
CrowdSec

Recorded Future | Breaking Cybersecurity News | The Hacker News

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier
Dec 07, 2022 Password Security / Cyber Threat
A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name  TAG-53 , and is broadly known by the cybersecurity community as Blue Callisto , Callisto, COLDRIVER, SEABORGIUM, and TA446. "Based on historical public reporting on overlapping TAG-53 campaigns, it is likely that this credential harvesting activity is enabled in part through phishing," Recorded Future's Insikt Group  said  in a report published this week. The cybersecurity firm said it discovered 38 domains, nine of which contained references to companies like UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability (CIJA), and the Russian Ministry of Internal Affairs. It's suspected that the t

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
Nov 23, 2022
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa . The tech behemoth's cybersecurity division  said  the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report  published  by Recorded Future in April 2022, which delved into a sustained campaign orchestrated by suspected China-linked adversaries to strike critical infrastructure organizations in India. The cybersecurity firm attributed the attacks to a previously undocumented threat cluster called Threat Activity Group 38. While the Indian government described the attacks as unsuccessful "probing attempts," China denied it was behind the campaign. The connections to China stem from the use of a modular backdoor dubbed  ShadowPad , which is known to be shared among several

external linkSay Goodbye to SaaS Blind Spots: Wing Security Unveils Free Discovery Tool

SaaS
websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Oct 14, 2022
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19 . The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all operations performed by the threat actor were completed in a 'hands-on keyboard' fashion, during an interactive session with compromised machines," SentinelOne researchers Joey Chen and Amitai Ben Shushan Ehrlich  said  in a report this week. "This meant the attacker gave up on a stable [command-and-control] channel in exchange for stealth." WIP, short for work-in-progress, is the moniker assigned by SentinelOne to emerging or hitherto unattributed activity clusters,  similar  to the UNC####, DEV-####, and TAG-## designations given by Mandiant, Microsoft, and Reco

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks
Apr 05, 2022
The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time," incident response firm Mandiant  said  in a Monday analysis. The cybercriminal group, since its emergence in the mid-2010s, has gained notoriety for large-scale malware campaigns targeting the point-of-sale (POS) systems aimed at restaurant, gambling, and hospitality industries with credit card-stealing malware. FIN7's shift in monetization strategy towards ransomware follows an October 2021 report from Recorded Future's Gemini Advisory unit, which  found  the adversary setting up a fake front company named Bastion Secure to recruit unwitt
Cybersecurity Resources