SafePay Claims Ingram Micro Breach, Sets Ransom Deadline In a recent cybersecurity incident, SafePay has publicly accused Ingram Micro of suffering a significant data breach. The company, known for its global technology distribution, appears to be under threat after SafePay set a ransom deadline, escalating the urgency of the situation.…
Feb 25, 2025
Malware / Cyber Espionage
A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.
“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.
Belarus-Linked Ghostwriter Exploits Obfuscated Excel Macros to Distribute Malware February 25, 2025 Malware / Cyber Espionage A newly uncovered cyber campaign has emerged, targeting opposition activists in Belarus alongside military and governmental entities in Ukraine. This operation utilizes malware-infused Microsoft Excel documents to disseminate a variant of PicassoLoader, a malicious…
Feb 25, 2025
Malware / Cyber Espionage
A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.
“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.
The Everest ransomware group has publicly claimed responsibility for a significant breach of Mailchimp, a widely used marketing platform for email campaigns and newsletters. This incident highlights ongoing vulnerabilities in the landscape of cybersecurity, particularly for companies reliant on digital marketing services. In a recent announcement on its dark web…
In Brief: ToolShell’s Impact in South Africa and Rise of Online Fraud in the U.S. Anviksha More (AnvikshaMore) • July 31, 2025 Every week, Information Security Media Group compiles notable cybersecurity incidents from around the globe. This week’s report dives into claims that the Chinese government may have accessed ToolShell…
Understanding Data Exfiltration Risks: A Wake-Up Call for Law Firms In a rapidly evolving digital landscape, law firms are facing increasing threats from data exfiltration. Recently, a comprehensive analysis highlighted critical vulnerabilities within this sector, exposing them to significant cybersecurity risks. With sensitive client information at stake, the ramifications of…
New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Organizations
March 26, 2025
Malware / Vulnerability
The Chinese threat actor known as FamousSparrow has been implicated in a cyberattack targeting a U.S. trade group and a research institute in Mexico, leveraging its primary backdoor, SparrowDoor, along with ShadowPad. This activity, observed in July 2024, marks the first deployment of ShadowPad by the group, a malware commonly associated with Chinese state-sponsored attackers. ESET reported that “FamousSparrow introduced two new, undocumented versions of the SparrowDoor backdoor, one of which is modular.” These iterations show significant advancements, including the ability to execute commands in parallel. FamousSparrow was first identified by the Slovak cybersecurity firm in September 2021 during a series of attacks against hotels, governments, engineering firms, and law practices, utilizing the exclusive SparrowDoor implant. Subsequent reports have highlighted the adversarial group’s expanding footprint…
New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Entities March 26, 2025 A notable cyber incident has linked the Chinese threat actor known as FamousSparrow to an attack on a U.S.-based trade organization and a research institute in Mexico. The attack, which occurred in July 2024,…
New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Organizations
March 26, 2025
Malware / Vulnerability
The Chinese threat actor known as FamousSparrow has been implicated in a cyberattack targeting a U.S. trade group and a research institute in Mexico, leveraging its primary backdoor, SparrowDoor, along with ShadowPad. This activity, observed in July 2024, marks the first deployment of ShadowPad by the group, a malware commonly associated with Chinese state-sponsored attackers. ESET reported that “FamousSparrow introduced two new, undocumented versions of the SparrowDoor backdoor, one of which is modular.” These iterations show significant advancements, including the ability to execute commands in parallel. FamousSparrow was first identified by the Slovak cybersecurity firm in September 2021 during a series of attacks against hotels, governments, engineering firms, and law practices, utilizing the exclusive SparrowDoor implant. Subsequent reports have highlighted the adversarial group’s expanding footprint…
Cyberattacks on U.S. Cities Increasingly Disruptive: Recent Incidents in Abilene and St. Paul In recent months, U.S. cities have been facing a surge in hacking incidents, many of which involve ransomware attacks that disrupt essential services and carry significant financial burdens. Abilene, Texas, recently experienced a serious breach wherein 477…
3rd Party Risk Management, Data Breach Notification, Data Security Firm Confirms Ransom Payment for Assurance of Data Deletion Following Cyber Incident Marianne Kolbasuk McGee (HealthInfoSec) • July 30, 2025 Image: Getty Images Two law firms situated in Florida, with additional offices across the U.S., are alerting 282,100 individuals about potential…
Irish Supreme Court Eases Path for Data Breach Claims: A Shift Towards Mass Litigation? In a landmark decision, the Irish Supreme Court has eliminated a critical procedural obstacle in the pursuit of data breach claims, potentially paving the way for an increase in mass claims across the nation. This ruling…
