March 4, 2024

NTLM authentication hashes are stolen during phishing attacks by hackers

As a result of a recent shift in tactics, the hacking group known as TA577 has employed phishing emails to steal the authentication hashes of NT LAN Manager (NTLM) accounts in order to use them for account hijackings. The NTLM hash is a key component of Windows authentication and session security and can be used for offline password cracking to […]
February 29, 2024

Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors

Suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE) and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell—a threat actor that has been publicly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell […]
February 29, 2024

CISA: Admin Credentials of a Former Employee Leveraged to Compromise a State Government Organization

Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a […]
February 29, 2024

A North Korean-linked APT group exploited a zero-day vulnerability in the Windows AppLocker driver (appid.sys) to gain kernel-level access to a target system

An APT group linked to North Korea is exploiting a zero-day vulnerability in the appid.sys AppLocker driver using an admin-to-kernel exploit. A zero-day exploit, identified as CVE-2024-21338, was addressed by Microsoft in February. The flaw CVE-2024-21338 resides within the IOCTL (Input and Output Control) dispatcher of the driver appid.sys. In the AppLocker application, this driver controls which apps and files […]
February 29, 2024

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. CVE-2024-21893 is actively exploited. As part of the attack chain, CVE-2024-21893 is combined with a previously disclosed command injection vulnerability tracked as CVE-2024-21887 to gain unauthorized access to vulnerable devices. In […]
February 29, 2024

Black Basta ransomware attacks ZircoDATA company

ZircoDATA is the leading provider of secure document storage and records management (RIM) solutions from information governance and digital conversion to storage, language services and secure shredding since 1995.ZircoDATA has been attacked by the Black Basta Group, claiming 395 GB of data, including financial documents, personal user folders, and confidentiality agreements. There are at least 46 passport scans and 12 […]
June 9, 2023

HWL Ebsworth declare they won’t meet APLHV ransomware gang’s demands

On Friday 9th of June 2023, one of Australia’s largest law firms HWL Ebsworth confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company. The ALPHV ransomware gang has published 1.45 terabytes of data containing over a million documents allegedly stolen from the law firm’s […]
June 8, 2023

MOVEit extortion attacks claimed by Clop ransomware gang

The Clop ransomware gang has confirmed that they are behind the MOVEit Transfer attacks where they have been exploiting a zero-day vulnerability to breach servers belonging to “hundreds of companies” and steal data. It has been revealed that the gang had started exploiting the vulnerability on Saturday 27th of May 2023, during the US Memorial Day holiday. At this time, the […]
June 8, 2023

Japanese pharmaceutical giant Eisai discloses ransomware attack

On Tuesday 6th of June 2023, Eisai, a Tokyo-based pharmaceutical company Eisai disclosed it suffered a ransomware incident over the weekend that impacted its operations following the threat actors encrypting some of its servers. In response to the attack, Eisai has taken many of its IT systems offline to contain the damage and prevent the spread of the locker to […]
Prev page
123456789101112131415161718192021222324252627282930313233343536373839404142
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.