December 5, 2024

Key electricity distributor in Romania warns of ‘cyber attack in progress’

A leading energy services company in Romania has confirmed that it is currently dealing with an ongoing cyberattack. Electrica Group, a company listed on both the Bucharest and London stock exchanges that supplies electricity to over 3.8 million customers in Romania, stated to investors on Monday, alerting them to a “cyber attack in progress.”According to the company’s CEO, Alexandru Chirita, […]
December 3, 2024

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry

According to researchers, a hacker group believed to be linked to Ukraine is conducting a new cyber espionage campaign against the Russian scientific and industrial sectors. The Russian cybersecurity company F.A.C.C.T. detected fraudulent emails that appeared to be from Russia’s Ministry of Industry and Trade. These emails, detailed in a report published on Wednesday, urged local defense industry firms to […]
November 12, 2024

Germany’s cybersecurity is on high alert ahead of elections

Germany is ramping up its cybersecurity efforts ahead of the upcoming elections, with Interior Minister Nancy Faeser emphasizing the importance of strong defenses against cyberattacks and disinformation. She cautioned about potential threats from Russia and other foreign entities, underscoring the need to protect democracy in the digital space.A report from the Federal Office for Information Security highlighted Germany’s susceptibility to […]
November 2, 2024

US continues investigation into Chinese cyber espionage campaign, as Volt Typhoon resurfaces

SecurityScorecard researchers revealed that the Chinese-affiliated threat group Volt Typhoon has rebuilt its botnet, which was disrupted by the FBI in January. In response, the U.S. government disclosed an ongoing cyber espionage campaign by China targeting commercial telecommunications infrastructure. The FBI and CISA confirmed that PRC-linked actors have compromised multiple telecom networks to steal customer call data, intercept private communications, […]
October 22, 2024

Mexican airport operator purportedly breached by RansomHub

Mexico’s Grupo Aeroportuario del Centro Norte (OMA), which manages over a dozen airports across the country, has reportedly fallen victim to the RansomHub ransomware operation. The threat actors have claimed responsibility for the breach, alleging possession of 3 TB of sensitive data and warning of its exposure should the company fail to comply with their ransom demands, according to The […]
October 2, 2024

Ukrainian pleads guilty to operating Raccoon Stealer malware

Ukrainian national Mark Sokolovsky has admitted guilt in connection with his participation in the Raccoon Stealer malware cybercrime scheme. Sokolovsky and his accomplices disseminated Raccoon Stealer through a Malware-as-a-Service (MaaS) model, enabling cybercriminals to lease the malware for $75 per week or $200 per month. The malware is designed to exfiltrate a broad spectrum of sensitive data from compromised devices, […]
September 24, 2024

Global infostealer malware operation targets crypto users, gamers

A large-scale information-stealing malware operation, comprising thirty distinct campaigns and targeting a wide range of user demographics and system platforms, has been identified and attributed to a cybercriminal group known as “Marko Polo.”The threat actors employ multiple distribution methods, including malicious advertising (malvertising), spearphishing, and brand impersonation within the online gaming, cryptocurrency, and software sectors, to disseminate fifty malware variants, […]
September 20, 2024

New Linux malware Hadooken targets Oracle WebLogic servers

Aqua Security’s Nautilus research team recently reported the emergence of a new Linux malware called Hadooken. This malware specifically targets Oracle WebLogic servers to deploy additional malicious software and extract credentials for lateral movement within compromised networks.The Hadooken malware is disseminated through attacks that exploit vulnerabilities associated with weak passwords to gain initial access. Once attackers infiltrate a WebLogic server, […]
August 29, 2024

China’s Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs

Security researchers at Lumen Technologies have identified Chinese APT group Volt Typhoon leveraging a newly discovered zero-day vulnerability in Versa Director servers to compromise credentials and infiltrate downstream customer networks.The critical vulnerability, CVE-2024-39717, was recently added to the Cybersecurity and Infrastructure Security Agency’s (CISA) list of mandatory patches. Versa Networks confirmed the active exploitation of the zero-day and issued a […]