Cobalt Strike

FIN8 Hackers Detected Deploying New ‘White Rabbit’ Ransomware in Latest Attacks

A recently identified strain of ransomware, dubbed “White Rabbit,” has emerged, likely linked to the financially motivated threat actor known as FIN8. This malware was reportedly employed in an attack against a U.S.-based local bank in December 2021. According to research by Trend Micro, the technical characteristics of White Rabbit…


New Hacker Group ‘GambleForce’ Targets APAC Firms with SQL Injection Attacks

Recent cybersecurity reports have surfaced detailing a series of SQL injection attacks attributed to a newly identified hacker group named GambleForce. This group has predominantly targeted organizations across the Asia-Pacific (APAC) region since September 2023, raising significant concerns regarding the vulnerabilities in web application security practices. According to Group-IB, a…


Russian APT Hackers Exploit COVID-19 Lures to Target European Diplomats

In an alarming series of spear-phishing attacks between October and November 2021, the Russia-linked advanced persistent threat group APT29 targeted European diplomatic missions and Ministries of Foreign Affairs. This activity showcases a troubling trend of cyberespionage aimed at sensitive political partners. ESET’s T3 2021 Threat Report, provided to The Hacker…


Hackers Exploit Unpatched Microsoft SQL Database Servers Using Cobalt Strike

Targeted Attacks on Vulnerable Microsoft SQL Servers Uncovered

Recent cybersecurity reports indicate that threat actors are actively exploiting vulnerable internet-facing Microsoft SQL (MS SQL) Servers as part of a disturbing new campaign. This effort aims to install the Cobalt Strike adversary simulation tool on compromised systems, revealing serious implications for…


Emotet Botnet Makes a Comeback, Infecting Over 100,000 Computers

The Emotet botnet, notorious for its insidious operations, resurged in November 2021 after a significant period of inactivity, accumulating over 100,000 compromised hosts. The botnet’s activities have demonstrated a steady increase, indicating a troubling return to form for this malware. According to researchers from Lumen’s Black Lotus Labs, since its…


Google Discovers ‘Initial Access Broker’ Collaborating with Conti Ransomware Group

Google’s Threat Analysis Group (TAG) has identified a new initial access broker known as “Exotic Lily,” linked to a notorious Russian cybercrime group famed for its participation in Conti and Diavol ransomware operations. The emergence of this threat actor raises serious concerns regarding cybersecurity practices across multiple sectors. Exotic Lily…


Hackers are Intensifying Use of ‘Browser-in-the-Browser’ Technique in Attacks Linked to Ukraine

A Belarusian cyber group known as Ghostwriter (also referred to as UNC1151) has been identified exploiting the recently uncovered browser-in-the-browser (BitB) technique in ongoing credential phishing attacks linked to the persistent Russo-Ukrainian conflict. This method employs a deceptive simulation of a browser window that appears legitimate, allowing attackers to execute…


New Incident Report Uncovers Hive Ransomware’s Targeting Tactics against Organizations

A Hive ransomware incident recently targeted an unspecified organization, leveraging vulnerabilities in Microsoft Exchange Server known as “ProxyShell” to conduct a swift attack that culminated in network encryption within 72 hours of initial compromise. This information was shared by Nadav Ovadia, a security researcher from Varonis, in a detailed post-mortem…
