Security News

A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. The adversary's consistent targeting of think tanks and humanitarian organizations over the past three years falls in line with the strategic interests of the Chinese government, the report added.

The Chinese Winnti hacking group, also known as 'APT41' or 'Wicked Spider,' targeted at least 80 organizations last year and successfully breached the networks of at least thirteen. One of Wintti's unique deployment methods for the Cobalt Strike beacons involved obfuscating the payload on the host to evade detection by software.

The Chinese Winnti hacking group, also known as 'APT41' or 'Wicked Spider,' targeted at least 80 organizations last year and successfully breached the networks of at least thirteen. One of Wintti's unique deployment methods for the Cobalt Strike beacons involved obfuscating the payload on the host to evade detection by software.

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up.

The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into opening decoy job offer documents.

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.

Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "Highly persistent threat actor" whose objectives align closely with Russian state interests. "SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries," Microsoft's threat hunting teams said.

They have the world's largest community of ethical hackers working to stay ahead of cybercriminals, going on the offense, searching for bugs and vulnerabilities before attackers do. Two years ago, Forbes reported that more than 700,000 ethical hackers were already part of the HackerOneBounty program.

A company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack. As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn't impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.

As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn't impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water. The Clop ransomware gang claimed Thames Water as their victim via an announcement on their onion site today, alleging to have accessed SCADA systems they could manipulate to cause harm to 15 million customers.