The Breach News

APT-C-60 Hackers Target StatCounter and Bitbucket in SpyGlace Malware Campaign

On November 27, 2024, JPCERT/CC reported that the APT-C-60 threat group has executed a cyberattack against an undisclosed organization in Japan, utilizing a job application guise to deploy the SpyGlace backdoor. This operation, which took place in August 2024, exploited legitimate platforms such as Google Drive, Bitbucket, and StatCounter.

The phishing scheme involved an email disguised as correspondence from a potential employee, which was sent to the organization’s recruitment team, ultimately leading to malware infiltration. APT-C-60, believed to be aligned with South Korea, commonly targets East Asian nations. During the attack, the group exploited a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to introduce the SpyGlace backdoor. JPCERT/CC’s findings detail how the attack chain unfolded, beginning with a phishing email linking to a file on Goo…

APT-C-60 Hackers Target Japanese Organization with SpyGlace Malware Campaign On November 27, 2024, cybersecurity experts at JPCERT/CC reported a sophisticated cyber attack tied to the APT-C-60 hacker group, which has gained notoriety for its ties to South Korean cyber espionage activities. This recent intrusion specifically targeted an unnamed organization based…

Read More

APT-C-60 Hackers Target StatCounter and Bitbucket in SpyGlace Malware Campaign

On November 27, 2024, JPCERT/CC reported that the APT-C-60 threat group has executed a cyberattack against an undisclosed organization in Japan, utilizing a job application guise to deploy the SpyGlace backdoor. This operation, which took place in August 2024, exploited legitimate platforms such as Google Drive, Bitbucket, and StatCounter.

The phishing scheme involved an email disguised as correspondence from a potential employee, which was sent to the organization’s recruitment team, ultimately leading to malware infiltration. APT-C-60, believed to be aligned with South Korea, commonly targets East Asian nations. During the attack, the group exploited a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to introduce the SpyGlace backdoor. JPCERT/CC’s findings detail how the attack chain unfolded, beginning with a phishing email linking to a file on Goo…

“IBM Report Reveals India’s Average Data Breach Cost Reaches ₹220 Million in 2025, Highlights AI Security Vulnerabilities” – Business Today

India’s Cybersecurity Landscape: Average Data Breach Costs Reach ₹220 Million by 2025, IBM Report Reveals A recent report released by IBM reveals alarming trends in the cybersecurity landscape of India, indicating that the average cost of data breaches is projected to escalate to ₹220 million by the year 2025. This…

Read More“IBM Report Reveals India’s Average Data Breach Cost Reaches ₹220 Million in 2025, Highlights AI Security Vulnerabilities” – Business Today

Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.

Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware Targeting Businesses August 16, 2025 In a concerning development within the realm of cybersecurity, researchers have identified a new variant of the Matanbuchus malware loader, which has been refined to enhance its stealth and evade detection by security systems. Matanbuchus represents…

Read More

Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.

THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights (Nov 25 – Dec 1)

Dec 02, 2024
Cyber Threats / Weekly Summary

Curious about the constant activity in the digital realm? Here’s a startling fact: hackers launch around 2,200 attacks daily, meaning there’s an attempt to breach a system every 39 seconds. While we typically focus on conventional hackers, sophisticated AI now creates phishing emails so realistic that even seasoned cybersecurity experts struggle to identify them. Even more alarming, some new malware acts like a digital chameleon, adapting to evade detection by monitoring efforts to eliminate it. This week’s recap is filled with captivating insights that will change how you view technology.

Threat Highlight:
T-Mobile Detects Unauthorized Access Attempts: The U.S. telecom giant uncovered unusual activity within its network, revealing that there were attempts to infiltrate their systems…

Cybersecurity Threats in Review: Key Developments from Nov 25 – Dec 1, 2024 Hackers are relentless in their pursuit of vulnerabilities within digital infrastructures, launching approximately 2,200 cyberattacks daily. This startling statistic translates to an intrusion attempt every 39 seconds, emphasizing the constant threat faced by organizations today. Compounding this…

Read More

THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights (Nov 25 – Dec 1)

Dec 02, 2024
Cyber Threats / Weekly Summary

Curious about the constant activity in the digital realm? Here’s a startling fact: hackers launch around 2,200 attacks daily, meaning there’s an attempt to breach a system every 39 seconds. While we typically focus on conventional hackers, sophisticated AI now creates phishing emails so realistic that even seasoned cybersecurity experts struggle to identify them. Even more alarming, some new malware acts like a digital chameleon, adapting to evade detection by monitoring efforts to eliminate it. This week’s recap is filled with captivating insights that will change how you view technology.

Threat Highlight:
T-Mobile Detects Unauthorized Access Attempts: The U.S. telecom giant uncovered unusual activity within its network, revealing that there were attempts to infiltrate their systems…

Leak Uncovers Daily Lives of North Korean IT Scammers

Targeted Data Exploitation of IT Workers Revealed in Recent Findings Recent investigations have unveiled a concerning scheme targeting IT professionals, highlighting a structured operation that gathers and exploits sensitive information. Documented evidence includes detailed listings of potential job opportunities within the IT sector, alongside personal data that suggests a deliberate…

Read MoreLeak Uncovers Daily Lives of North Korean IT Scammers

Vulnerabilities in Axis Security Cameras Allow for Remote Control Access

Endpoint Security, Governance & Risk Management, Internet of Things Security Four Vulnerabilities Expose Over 6,500 Camera Servers to Pre-Authentication Attacks Prajeet Nair (@prajeetspeaks) • August 7, 2025 An Axis 360-degree surveillance camera mounted on a brick wall in Barcelona, dated Nov. 14, 2017. (Image: Hadrian/Shutterstock) Recent research has identified four…

Read MoreVulnerabilities in Axis Security Cameras Allow for Remote Control Access

Air France-KLM Data Breach Exposes Passenger Information, Raising Concerns Over Phishing and Identity Theft

Home » AIRLINE NEWS » Data Breach at Air France-KLM: Passenger Information Compromised, Raising Phishing and Identity Theft Concerns Published on August 8, 2025 | By: TTW News Desk Image Credit: KLM In a troubling development, the Air France-KLM Group has disclosed a data breach affecting its customer base. The…

Read MoreAir France-KLM Data Breach Exposes Passenger Information, Raising Concerns Over Phishing and Identity Theft