Security News
Law enforcement has detained a suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted mobile banking services and financial institutions in malware, phishing, and Business Email Compromise campaigns. The suspect was arrested by authorities in Côte d'Ivoire in early June following a joint law enforcement action dubbed Operation Nervone with the help of AFRIPOL, Interpol's Cybercrime Directorate, cybersecurity company Group-IB, and telecom carrier Orange.
A threat actor known as Muddled Libra is targeting the business process outsourcing industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates," Palo Alto Networks Unit 42 said in a technical report.
Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they're seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties. These attackers are using the not-very-secret and not-at-all-complicated trick of finding Linux shell servers that are accepting SSH connections over the internet, and then simply guessing at common username/password combinations in the hope that at least one user has a poorly-secured account.
Threat actors, ransomware gangs, malware developers, and others are increasingly and rapidly moving off of the "traditional" dark web and onto illicit Telegram channels specializing in cybercrime. The level of technical proficiency needed to find cybercrime channels and successfully make purchases is even lower than on Tor, creating a democratization of cybercrime data.
Earlier this year, threat researchers at Cybersixgill released their annual report, The State of the Cybercrime Underground. Further below, I also discuss the need for a new security approach, combining attack surface management and cyber threat intelligence to combat threat actors' ever-changing methods.
Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox rapidly became the biggest online Bitcoin exchange, but imploded in 2014 when the company was forced to admit that it had lost Bitcoins worth more than $0.5 billion at the time. In 2014, the Big Daddy of Bitcoin exchanges, Japan-based Mt. Gox, made a "So sorry, they seem to have vanished" announcement about a whopping 650,000 Bitcoins, worth approximately $800 each at the time.
The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "Asylum Ambuscade also does espionage against government entities in Europe and Central Asia."
A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. ESET has published a new report on the actor today, disclosing more details about last year's Asylum Ambuscade operations and highlighting updates on its victimology and toolset.
Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group."
How to do that efficiently and effectively is no small task - but with a small investment of time, you can master threat hunting and save your organization millions of dollars. This article offers a detailed explanation of threat hunting - what it is, how to do it thoroughly and effectively, and how cyber threat intelligence can bolster your threat-hunting efforts.