Microsoft has recently sounded the alarm over a notably active cyber-crime syndicate identified as ONNX Marketing Services, which has been implicated in distributing advanced phishing email kits. This sophisticated operation poses a significant risk to Microsoft Customer Accounts, potentially leading to unauthorized access across various online platforms and jeopardizing both…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime US Cyber Command Reports Over 85 Deployments of National Mission Force in 2024 Chris Riotta ( @chrisriotta) • November 22, 2024 A Marine with Marine Corps Forces Cyberspace Command operates in the cyber operations center at Fort Meade, Maryland, on February 5,…
In anticipation of the 2024 U.S. elections, the U.S. intelligence community and law enforcement agencies are on heightened alert due to emerging foreign influence operations seeking to undermine electoral integrity. Major technology firms, including Microsoft, have proactively engaged with government entities, offering their expertise and insights on disinformation campaigns tied…
In a notable testimony before the US Senate in September, Microsoft President Brad Smith highlighted an increase in digital interference in global elections attributed to Russia, China, and Iran, including efforts directed at the United States. This alarming trend underscores the heightened cyber risks current digital infrastructures face amid geopolitical…
In a recent cybersecurity incident, Volexity uncovered significant insights into a sophisticated intrusion that targeted one of its clients. The investigation initiated after a subsequent breach allowed Volexity to gather more comprehensive logs of the hackers’ activities, ultimately leading to the identification of the source of the attack. Analysts determined…
Breach Notification, Fraud Management & Cybercrime, Healthcare Ransomware Attack Exposes Personal Data of Over 133,000 at Small Oklahoma Hospital Marianne Kolbasuk McGee (HealthInfoSec) • November 19, 2024 Image: Great Plains Regional Medical Center Great Plains Regional Medical Center, a 62-bed facility in Elk City, Oklahoma, experienced a significant ransomware attack…
Identity & Access Management, Security Operations CEOs Jeff Shiner and David Faugno Collaborate to Enhance Access Management on an Enterprise Level Michael Novinson (MichaelNovinson) • November 13, 2024 David Faugno and Jeff Shiner, co-CEOs, 1Password (Images: 1Password) 1Password has appointed a former executive from Qualtrics and Barracuda to the co-CEO…
Turla’s New ‘DeliveryCheck’ Backdoor Compromises Ukrainian Defense Sector
On July 20, 2023, reports emerged of a sophisticated .NET-based backdoor known as DeliveryCheck (also referred to as CAPIBAR or GAMEDAY) targeting the defense sector in Ukraine and Eastern Europe. Attributed to the Russian nation-state actor Turla—also recognized by aliases such as Iron Hunter, Secret Blizzard (formerly Krypton), Uroburos, Venomous Bear, and Waterbug—this malware is associated with Russia’s Federal Security Service (FSB). According to the Microsoft threat intelligence team, in partnership with the Computer Emergency Response Team of Ukraine (CERT-UA), DeliveryCheck is distributed through malicious email attachments containing harmful macros. The backdoor maintains persistence via a scheduled task that downloads and executes it in memory. Additionally, it connects to a command-and-control (C2) server to receive instructions, which may include deploying various payloads embedded within XSLT stylesheets. Successful initial accesses are sometimes accompanied by additional malicious activities.
New Threat Discovered: Turla’s DeliveryCheck Backdoor Targets Ukrainian Defense Infrastructure On July 20, 2023, cybersecurity experts revealed a new threat targeting the defense sector in Ukraine and Eastern Europe. The malware, identified as DeliveryCheck—also referred to by the codename CAPIBAR or GAMEDAY—is a .NET-based backdoor designed to facilitate the delivery…
Turla’s New ‘DeliveryCheck’ Backdoor Compromises Ukrainian Defense Sector
On July 20, 2023, reports emerged of a sophisticated .NET-based backdoor known as DeliveryCheck (also referred to as CAPIBAR or GAMEDAY) targeting the defense sector in Ukraine and Eastern Europe. Attributed to the Russian nation-state actor Turla—also recognized by aliases such as Iron Hunter, Secret Blizzard (formerly Krypton), Uroburos, Venomous Bear, and Waterbug—this malware is associated with Russia’s Federal Security Service (FSB). According to the Microsoft threat intelligence team, in partnership with the Computer Emergency Response Team of Ukraine (CERT-UA), DeliveryCheck is distributed through malicious email attachments containing harmful macros. The backdoor maintains persistence via a scheduled task that downloads and executes it in memory. Additionally, it connects to a command-and-control (C2) server to receive instructions, which may include deploying various payloads embedded within XSLT stylesheets. Successful initial accesses are sometimes accompanied by additional malicious activities.
Cybercrime, Fraud Management & Cybercrime, Standards, Regulations & Compliance U.S. to Push for Human Rights Protections in Support of Cybercrime Treaty Chris Riotta (@chrisriotta) • November 12, 2024 The United Nations cybercrime treaty has drawn strong objections from Western tech and cybersecurity firms during the negotiation process. (Image: Shutterstock) The…
