Czech Republic Accuses China-Linked APT31 Hackers in 2022 Cyberattack on Foreign Ministry

May 28, 2025
Cybersecurity / Cyber Espionage

On Wednesday, the Czech Republic formally attributed a cyber intrusion targeting its Ministry of Foreign Affairs to a threat actor linked to the People’s Republic of China (PRC). In a public statement, the government said it had identified China as responsible for a malicious campaign affecting one of the Ministry’s unclassified networks; the full scope of the breach remains unclear. “The malicious activity […] began in 2022 and impacted an institution designated as critical infrastructure in the Czech Republic,” the statement said. The attack has been linked to the state-sponsored group APT31, which overlaps with the threat clusters tracked as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium). The group, publicly associated with the Ministry of State Security (MSS) and the Hubei State Security Department, has been active since at least 2010, according to the U.S. Department of…

CISA Updates KEV Catalog with 3 New Vulnerabilities Affecting AMI MegaRAC, D-Link, and Fortinet

On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, all of which are subject to active exploitation. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The details of the vulnerabilities are as follows:

  • CVE-2024-54085 (CVSS score: 10.0): An authentication bypass vulnerability in the Redfish Host Interface of AMI MegaRAC SPx BMC firmware, which could enable a remote attacker to take control of the baseboard management controller.
  • CVE-2024-0769 (CVSS score: 5.3): A path traversal vulnerability in D-Link DIR-859 routers that facilitates privilege escalation and unauthorized control (currently unpatched).
  • CVE-2019-6693 (CVSS score: 4.2): A hard-coded cryptographic key issue in FortiOS, FortiManager, and FortiAnalyzer used for encrypting password data in CLI configurations, potentially allowing an attacker with access to the CLI configuration or backup file to decrypt sensitive information.

New HTML Smuggling Scheme Distributes DCRat Malware to Russian-Speaking Users

September 27, 2024

GenAI / Cybercrime

A recent campaign is specifically targeting Russian-speaking users by spreading the DCRat malware (also known as DarkCrystal RAT) through a method known as HTML smuggling. This marks the first instance of this malware being delivered via this technique, shifting away from traditional methods such as compromised websites or phishing emails that included malicious PDF attachments or Excel documents with macros. “HTML smuggling serves primarily as a means of delivering the payload,” explained Netskope researcher Nikhil Hegde in an analysis released Thursday. “The payload can either be embedded directly within the HTML or fetched from an external source.” The HTML files can be distributed via fake websites or malicious spam emails. When victims open the file in their web browser, the hidden payload is decoded and downloaded to their system. The success of this attack relies significantly on social engineering tactics to persuade the victim to execute the file.

Iranian Hacker Admits Guilt in $19 Million Robbinhood Ransomware Attack Targeting Baltimore

May 28, 2025
Ransomware / Data Breach

An Iranian national has acknowledged his involvement in a major ransomware and extortion operation linked to the Robbinhood ransomware in the U.S. Sina Gholinejad (also known as Sina Ghaaf), 37, along with his accomplices, infiltrated the computer networks of multiple U.S. organizations, encrypting files and demanding Bitcoin ransoms. Arrested in North Carolina in early January, Gholinejad pleaded guilty to charges of computer fraud and abuse, as well as conspiracy to commit wire fraud. He faces up to 30 years in prison, with his sentencing set for August 2025. The U.S. Department of Justice reported that these cyberattacks led to significant disruptions and financial losses exceeding $19 million for cities like Greenville, North Carolina, and Baltimore, Maryland.

Severe RCE Vulnerabilities in Cisco ISE and ISE-PIC Enable Unauthenticated Attackers to Obtain Root Access

June 26, 2025
Vulnerability / Network Security

Cisco has issued updates to resolve two critical security vulnerabilities in the Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that may allow unauthenticated attackers to execute arbitrary commands with root privileges. These vulnerabilities, identified as CVE-2025-20281 and CVE-2025-20282, both carry a maximum CVSS score of 10.0. Here’s a detailed overview of the vulnerabilities:

  • CVE-2025-20281: A remote code execution flaw impacting Cisco ISE and ISE-PIC versions 3.3 and later, enabling an unauthenticated attacker to execute arbitrary code on the system as root.

  • CVE-2025-20282: A remote code execution vulnerability in Cisco ISE and ISE-PIC version 3.4 that allows an unauthenticated attacker to upload arbitrary files to the device and execute them as root.

Cisco has indicated that CVE-2025-20281 stems from inadequate…

Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations

September 27, 2024
Ransomware / Cloud Security

Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
