Tag: PowerShell

Kimsuky Targets Competitors’ Reliable Platforms in North Korea

Recent cyber activities linked to North Korean threat actors, particularly the Kimsuky group, demonstrate a notable evolution in their techniques. They are increasingly leveraging living-off-the-land (LotL) strategies, relying on common services to remain undetected. A recent operation, identified as “DEEP#DRIVE” by Securonix, exemplifies this trend, utilizing PowerShell scripts and Dropbox…

N. Korean Hackers Believed to Be Behind DEEP#DRIVE Cyber Attacks on S. Korea

A recent phishing attack known as DEEP#DRIVE has emerged as a significant threat to entities in South Korea, with thousands of victims reported. Cybersecurity experts suspect the Kimsuky group, a North Korean hacking collective, is behind this extensive cyber espionage campaign aimed primarily at South Korean businesses, government agencies, and…

PrivatBank, Ukraine’s Largest Bank, Attacked by SmokeLoader Malware

Financially Motivated Threat Actor Targets PrivatBank Customers with Sophisticated Phishing Scheme

A recent investigation by cybersecurity researchers at CloudSEK has uncovered a sophisticated phishing campaign orchestrated by the financially motivated group UAC-0006, aimed specifically at clients of PrivatBank, the largest state-owned bank in Ukraine. This alarming activity highlights the persistent…

Vulnerabilities in Azure Key Vault May Expose Sensitive Data Following Entra ID Breach

Security Breach Exposes Vulnerabilities in Azure Key Vault Access Policies

In a recent analysis, cybersecurity professionals uncovered significant vulnerabilities associated with Azure Key Vault’s access policies following the compromise of Entra ID (formerly Azure Active Directory) credentials. The detailed walkthrough illustrates how attackers can manipulate these access policies to retrieve…

Russia Utilized Acquired Spyware to Target Ukrainian Forces

Categories: Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Government

Secret Blizzard Utilizes Third-Party Amadey Bots to Compromise Ukrainian Military Devices

Jayant Chakravarti (@JayJay_Tech) • December 12, 2024

[Image: A Ukrainian soldier operating a drone on the battlefield in 2023. (Shutterstock)]

A state-sponsored hacking group from Russia, identified as Center 16…

Russia Pursues Unconventional Method to Compromise Starlink-Connected Devices in Ukraine

Microsoft has reported on a sophisticated cyber operation attributed to the group known as Secret Blizzard, which has utilized the Amadey malware to execute targeted attacks against specific entities. The nature of the attacks suggests that Secret Blizzard either employed Amadey as a malware-as-a-service or engaged with its command-and-control panels…

Researchers Reveal Prolonged Cyber Espionage Targeting Foreign Embassies in Belarus

In a troubling revelation, the cyber espionage group codenamed MoustachedBouncer, which has remained undocumented until now, has been linked to a series of attacks targeting foreign embassies in Belarus. ESET security researcher Matthieu Faou notes that this group has likely been active since 2014 and has continuously improved its techniques,…

ANY.RUN Uncovers Deceptive Phishing Scheme Leveraging Fake CAPTCHA

Phishing Attack Uncovered Using Fake CAPTCHA to Execute Malicious Scripts

In a recent security analysis by ANY.RUN, an interactive malware analysis platform, a sophisticated phishing campaign has been identified that utilizes deceptive fake CAPTCHA prompts to lure victims into executing harmful scripts on their systems. This evolving threat exemplifies the…

North Korean Hackers Collaborate with Play Ransomware in Worldwide Cyber Assault

North Korean State-Sponsored Group Partners with Ransomware Actors in Recent Cyberattack

A recent report from Palo Alto Networks’ Unit 42 highlights alarming developments in the cybersecurity landscape, revealing a collaboration between the North Korean state-sponsored threat group known as Jumpy Pisces and the financially motivated Play ransomware group. This incident…
