admin

admin

  • Joined: September 10, 2024
  • Articles: 8823

ShadowSilk Targets 35 Organizations Across Central Asia and APAC via Telegram Bots

August 27, 2025
Malware / Spyware

A threat cluster known as ShadowSilk is responsible for a new wave of attacks aimed at government entities in Central Asia and the Asia-Pacific region. Group-IB has identified nearly 35 victims, primarily focused on data exfiltration. This hacking group shares tools and infrastructure with other threat actors, including YoroTrooper, SturgeonPhisher, and Silent Lynx. The affected organizations are predominantly government bodies, with some incidents involving the energy, manufacturing, retail, and transportation sectors across Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan. “The operation is executed by a bilingual team—Russian-speaking developers linked to older YoroTrooper code and Chinese-speaking operatives leading the intrusions—creating a versatile, multi-regional threat,” state researchers Nikita Rostovcev and Sergei Turner.

ShadowSilk Launches Targeted Cyber Assaults on 35 Organizations Across Central Asia and APAC In a concerning development within the cybersecurity landscape, a threat activity cluster identified as ShadowSilk has executed a series of targeted cyberattacks against government organizations in Central…

Microsoft Alerts Users to Critical “PrintNightmare” Vulnerability Under Active Exploitation

On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.

Microsoft Alerts on Critical Vulnerability Exploited in the Wild On July 2, 2021, Microsoft confirmed a severe vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler. Unlike a previous issue resolved in its Patch Tuesday update, this vulnerability is distinct and…

Chinese Malware Breaches Reserve Bank of Australia

March 11, 2013

When it comes to computer network security, determined hackers will always find a way in. The Australian Financial Review reported on Monday that the Reserve Bank of Australia (RBA) experienced a breach wherein hackers infiltrated its systems and reportedly stole information using malware linked to China.

Investigations revealed multiple computers were compromised by malicious software aimed at gathering intelligence. Over two days, various RBA staff members, including department heads, received malicious emails. It remains unclear whether the malware was successful in extracting data from the affected systems. This malware included a web link to a compressed file containing a Trojan that previously evaded detection by the RBA’s antivirus software. A spokesperson from the Defence Department remarked, “The government does not discuss specific cyber incidents, activities, or capabilities…”

Reserve Bank of Australia Targeted by Chinese Malware Attack March 11, 2013 In a notable cybersecurity incident, the Reserve Bank of Australia (RBA) has reportedly been compromised by cybercriminals utilizing sophisticated Chinese malware. The attack highlights the vulnerabilities inherent in…

Anthropic Unveils Disruption of AI-Driven Cyberattacks Targeting Key Sectors for Data Theft and Extortion

Date: August 27, 2025
Categories: Cybersecurity / Artificial Intelligence

On Wednesday, Anthropic announced the successful disruption of a sophisticated cyber operation that leveraged its AI-powered chatbot, Claude, for extensive data theft and extortion activities in July 2025. “The perpetrator targeted at least 17 distinct organizations, including those in healthcare, emergency services, government, and religious sectors,” the company reported. Instead of using traditional ransomware to encrypt stolen information, the actor threatened to publicly disclose the data, attempting to coerce victims into paying hefty ransoms—sometimes exceeding $500,000. The attacker reportedly utilized Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that maintained ongoing context for each interaction. This unknown threat actor is said to have employed AI with an “unprecedented degree,” utilizing Claude Code, Anthropic’s agentic coding tool, to automate various aspects of the attack.

Anthropic Disrupts AI-Driven Cybercrime Targeting Critical Sectors August 27, 2025 — Cybersecurity On Wednesday, Anthropic disclosed a major disruption of a sophisticated cyber operation that misused its AI-powered chatbot, Claude, to facilitate large-scale data theft and extortion in July 2025.…

Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows

Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.

Microsoft Releases Critical Emergency Patch for PrintNightmare Vulnerability July 7, 2021 Microsoft has announced the urgent deployment of an out-of-band security update aimed at addressing a severe zero-day vulnerability identified as “PrintNightmare.” This flaw, which impacts the Windows Print Spooler…

Iran Intensifies Internet Control by Blocking Most VPN Services

March 11, 2013

For years, Iran has been fortifying its defenses against cyber threats while shielded from the global internet. Many citizens turned to virtual private networks (VPNs) to securely access sites like YouTube and Facebook by evading the country’s stringent internet filters. However, Iranian authorities have recently escalated their crackdown, blocking the majority of VPN services to prevent citizens from bypassing governmental restrictions on online content. Officially, the extensive internet filter aims to protect against what the government deems offensive or criminal material. Ramezanali Sobhani-Fard, chairman of the parliament’s information and communications technology committee, announced, “In recent days, illegal VPN ports have been blocked. From now on, only legal and registered VPNs may be used.” While registered VPN access is still available for purchase, typical usage conditions remain stringent.

Iran Intensifies Crackdown on VPN Access Amid Cybersecurity Concerns March 11, 2013 Iran has escalated its efforts to fortify its internet boundaries by restricting access to most virtual private network (VPN) services, a move that directly impacts citizens seeking to…

Storm-0501 Exploits Entra ID for Azure Data Exfiltration and Deletion in Hybrid Cloud Attacks

August 27, 2025
Ransomware / Cloud Security

The financially motivated threat actor known as Storm-0501 has been observed enhancing its tactics to carry out data exfiltration and extortion attacks in cloud environments. “Unlike traditional on-premises ransomware that relies on deploying malware to encrypt essential files across compromised network endpoints and negotiating for a decryption key, cloud-based ransomware represents a significant change,” noted the Microsoft Threat Intelligence team in a report shared with The Hacker News. “Utilizing cloud-native capabilities, Storm-0501 swiftly exfiltrates substantial data volumes, deletes data and backups within the victim’s environment, and demands ransom—all without conventional malware deployment.” Storm-0501 was initially documented by Microsoft nearly a year ago, focusing on its hybrid cloud ransomware attacks against sectors such as government, manufacturing, transportation, and law enforcement in the U.S.

Storm-0501 Leveraging Entra ID in Sophisticated Hybrid Cloud Attacks August 27, 2025 Ransomware / Cloud Security A financially motivated threat actor known as Storm-0501 has intensified its focus on cloud environments, employing advanced strategies for data exfiltration and extortion. Unlike…

Microsoft’s Emergency Patch Ineffective Against PrintNightmare RCE Vulnerability

July 8, 2021

Microsoft’s attempt to mitigate the notorious PrintNightmare vulnerability across Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 has proven inadequate. Reports indicate that the fix for the remote code execution exploit within the Windows Print Spooler service can still be circumvented under certain conditions, allowing attackers to execute arbitrary code on compromised systems. The company released an emergency out-of-band update for CVE-2021-34527 (CVSS score: 8.8) after researchers from Hong Kong-based cybersecurity firm Sangfor unintentionally disclosed the flaw late last month. Notably, this vulnerability is distinct from another issue, CVE-2021-1675, which Microsoft addressed on June 8. “Several days ago, two security vulnerabilities were identified in Microsoft Windows’ existing printing mechanism,” explained Yaniv Balmas, head of cyber research at C…

Microsoft’s Emergency Patch Fails to Fully Resolve PrintNightmare RCE Vulnerability On July 8, 2021, Microsoft announced the release of an emergency out-of-band update intended to address the PrintNightmare vulnerability, officially identified as CVE-2021-34527. This flaw pertains to a remote code…

Chinese Hackers Breach Indian Defence Research Organisation’s Systems

March 13, 2013

An exclusive report from DNA news reveals a significant security breach within the Defence Research and Development Organisation (DRDO), with Chinese hackers reportedly compromising sensitive computer systems. This intrusion has led to the leak of thousands of classified documents related to the Cabinet Committee on Security, which were found uploaded to a server in Guangdong province, China. Indian Defence Minister A. K. Antony commented, “Intelligence agencies are currently investigating the situation, and I cannot provide further details.” The breach was identified in the first week of March when officials from India’s National Technical Research Organisation (NTRO), in collaboration with private cybersecurity experts, uncovered a file titled “army cyber policy.” This document, linked to hacked email accounts of senior DRDO officials, quickly spread throughout the organization’s network.

Chinese Hackers Breach Indian Defence Research Organisation: A Significant Security Incident March 13, 2013 In a striking revelation reported by DNA News, significant breaches have been detected within the Defence Research and Development Organisation (DRDO) of India, attributed to Chinese…

U.S. Treasury Imposes Sanctions on North Korean IT Worker Scheme, Uncovering $600K in Crypto Transfers and Over $1M in Profits

August 28, 2025
Artificial Intelligence / Malware

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced new sanctions against two individuals and two entities linked to North Korea’s remote IT worker scheme, which generates illicit revenue for the regime’s weapons of mass destruction and ballistic missile initiatives. “The North Korean regime continues to exploit American businesses through fraudulent schemes involving overseas IT workers who steal data and extort ransom,” stated John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “Under President Trump’s administration, the Treasury remains dedicated to safeguarding Americans from these schemes and holding those responsible accountable.” Key individuals targeted include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. This initiative broadens the sanctions previously imposed on Chinyong Informat…

U.S. Treasury Imposes Sanctions on North Korean IT Worker Scheme, Unveiling $600K in Cryptocurrency Transfers and Over $1M in Profits On August 28, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced new sanctions targeting…