The Breach News

BlueBravo Targets European Diplomats with GraphicalProton Backdoor July 28, 2023 Cyber Espionage / Malware The Russian state-sponsored group known as BlueBravo has been detected attacking diplomatic entities in Eastern Europe with the intent of deploying a new backdoor malware dubbed GraphicalProton. This move highlights the ongoing evolution of cyber threats, according to a recent report from Recorded Future. The phishing campaign, active from March to May 2023, employs legitimate internet services (LIS) to obscure command-and-control (C2) activities. BlueBravo, also referred to as APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is linked to Russia’s Foreign Intelligence Service (SVR) and has historically utilized platforms like Dropbox, Firebase, Google Drive, Notion, and Trello to bypass detection and maintain covert communication with compromised systems. GraphicalProton marks the latest in a series of malware targeting diplomatic organizations, following GraphicalNeutrino (SNOWYAMBER), HALFRIG, and QUARTERRIG.

BlueBravo Deploys GraphicalProton Backdoor Targeting European Diplomatic Entities On July 28, 2023, reports emerged detailing a sophisticated cyber espionage campaign orchestrated by the Russian state-sponsored group known as BlueBravo. This threat actor has turned its focus towards diplomatic institutions located in Eastern Europe, utilizing a newly developed backdoor named GraphicalProton.…

Read MoreBlueBravo Targets European Diplomats with GraphicalProton Backdoor July 28, 2023 Cyber Espionage / Malware The Russian state-sponsored group known as BlueBravo has been detected attacking diplomatic entities in Eastern Europe with the intent of deploying a new backdoor malware dubbed GraphicalProton. This move highlights the ongoing evolution of cyber threats, according to a recent report from Recorded Future. The phishing campaign, active from March to May 2023, employs legitimate internet services (LIS) to obscure command-and-control (C2) activities. BlueBravo, also referred to as APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is linked to Russia’s Foreign Intelligence Service (SVR) and has historically utilized platforms like Dropbox, Firebase, Google Drive, Notion, and Trello to bypass detection and maintain covert communication with compromised systems. GraphicalProton marks the latest in a series of malware targeting diplomatic organizations, following GraphicalNeutrino (SNOWYAMBER), HALFRIG, and QUARTERRIG.

Escalating Risks of Malware and DDoS Attacks Targeting Government Agencies

In July 2024, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued stark warnings regarding a surge in Distributed Denial of Service (DDoS) attacks on election-related infrastructure. SonicWall, a cybersecurity firm, reports a significant escalation in such attacks throughout the year, forecasting a 32% increase in incidents compared…

Read MoreEscalating Risks of Malware and DDoS Attacks Targeting Government Agencies

Potential Responses of Global Threat Actors to a Second Trump Administration

Cybercrime, Fraud Management & Cybercrime, Government Experts Anticipate Escalating Cyber Threats as Trump Eyes Second Term Chris Riotta (@chrisriotta) • November 11, 2024 Experts warn of intensified Russian attacks on countries aligning with the European Union. (Image: Shutterstock) As speculation grows around a potential second term for former President Donald…

Read MorePotential Responses of Global Threat Actors to a Second Trump Administration

Financial Market Updates: Stock & Share News, Economy Insights, Sensex, Nifty, Global Market Trends, and Live IPO Highlights on NSE and BSE

Major Cybersecurity Incident Targets Agricultural Sector in the U.S. In a recent worrying development, a significant cyber attack has struck a company in the agricultural sector based in the United States. This incident highlights the growing vulnerability of organizations that play a critical role in food production and supply, especially…

Read MoreFinancial Market Updates: Stock & Share News, Economy Insights, Sensex, Nifty, Global Market Trends, and Live IPO Highlights on NSE and BSE

Title: Exploring a Data Exfiltration Attack: Insights from the Porsche Experience Date: July 28, 2023 Category: Cyber Attack / Vulnerability In line with Checkmarx’s mission to enhance secure software development, our Security Research team examined the security measures of prominent car manufacturers. Given Porsche’s comprehensive Vulnerability Reporting Policy, we chose to focus our research there. Our investigation uncovered a potential attack scenario stemming from the combination of security vulnerabilities identified across various Porsche assets, including a website and a GraphQL API, which could facilitate data exfiltration. Data exfiltration poses a significant threat to any business or organization, regardless of its size, as it can lead to severe consequences when malicious individuals gain unauthorized access to sensitive data. Porsche maintains a varied online presence, featuring numerous microsites, websites, and web applications, with The Porsche Experience being one such platform that caters to registered users.

Data Exfiltration Attack Scenario: The Porsche Experience July 28, 2023 In recent investigations aimed at assessing the security frameworks of major automotive manufacturers, the Security Research team at Checkmarx has focused its attention on Porsche. Recognized for its robust Vulnerability Reporting Policy, Porsche was deemed a crucial candidate for analysis.…

Read MoreTitle: Exploring a Data Exfiltration Attack: Insights from the Porsche Experience Date: July 28, 2023 Category: Cyber Attack / Vulnerability In line with Checkmarx’s mission to enhance secure software development, our Security Research team examined the security measures of prominent car manufacturers. Given Porsche’s comprehensive Vulnerability Reporting Policy, we chose to focus our research there. Our investigation uncovered a potential attack scenario stemming from the combination of security vulnerabilities identified across various Porsche assets, including a website and a GraphQL API, which could facilitate data exfiltration. Data exfiltration poses a significant threat to any business or organization, regardless of its size, as it can lead to severe consequences when malicious individuals gain unauthorized access to sensitive data. Porsche maintains a varied online presence, featuring numerous microsites, websites, and web applications, with The Porsche Experience being one such platform that caters to registered users.

Malicious Python Package Steals AWS Credentials

Security Operations Developers’ Credentials Compromised Through Typosquatted ‘Fabric’ Library Prajeet Nair (@prajeetspeaks) • November 11, 2024 Image: Shutterstock A deceptive Python package, masquerading as a popular SSH automation library, has been active on the PyPi repository since 2021. This malicious package is designed to distribute payloads that compromise user credentials…

Read MoreMalicious Python Package Steals AWS Credentials

Amazon Confirms Data Breach Exposes 2.8 Million Lines of Employee Information

Amazon has confirmed that 2.8 million lines of employee data were compromised in a recent data breach. AFP via Getty Images In a troubling revelation highlighting the ongoing repercussions of the MOVEit vulnerability discovered in 2023, Amazon has acknowledged that sensitive employee data was exposed via a breach associated with…

Read MoreAmazon Confirms Data Breach Exposes 2.8 Million Lines of Employee Information

STARK#MULE Cyber Campaign Targets Korean Speakers with U.S. Military-Themed Malware Documents

July 28, 2023
Cyber Attack / Malware

A persistent cyber attack campaign identified as STARK#MULE is aimed at Korean-speaking individuals, using U.S. Military-themed documents to lure victims into executing malware on compromised systems. Cybersecurity firm Securonix has been monitoring this activity, though the full extent of the attacks remains unclear and it is unknown if any of them have successfully compromised systems. Security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov noted in a report shared with The Hacker News that these attacks are reminiscent of previous ones linked to North Korean groups like APT37, which has historically targeted South Korea, particularly its government officials. APT37, also known by various aliases including Nickel Foxcroft, Reaper, Ricochet Chollima, and ScarCruft, is recognized as a North Korean state-sponsored actor focused on southern targets.

STARK#MULE Targets Koreans with U.S. Military-Themed Document Lures In a notable development in cyber threats, a new campaign has emerged targeting Korean-speaking individuals through the use of U.S. military-themed documents designed to deliver malware. Cybersecurity experts from Securonix have named the campaign STARK#MULE and are actively monitoring its activities. While…

Read More

STARK#MULE Cyber Campaign Targets Korean Speakers with U.S. Military-Themed Malware Documents

July 28, 2023
Cyber Attack / Malware

A persistent cyber attack campaign identified as STARK#MULE is aimed at Korean-speaking individuals, using U.S. Military-themed documents to lure victims into executing malware on compromised systems. Cybersecurity firm Securonix has been monitoring this activity, though the full extent of the attacks remains unclear and it is unknown if any of them have successfully compromised systems. Security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov noted in a report shared with The Hacker News that these attacks are reminiscent of previous ones linked to North Korean groups like APT37, which has historically targeted South Korea, particularly its government officials. APT37, also known by various aliases including Nickel Foxcroft, Reaper, Ricochet Chollima, and ScarCruft, is recognized as a North Korean state-sponsored actor focused on southern targets.