News


I-Soon: China's state-run foreign hackers exposed 

Internally, it is certainly the biggest betrayal of China: an employee of the company I-Soon revealed data and services that were used to attack foreign companies and governments. China denies the issue of foreign hackers, but the leaked data is overwhelming and the disclosure of the tools' capabilities is reminiscent of the days of the Snowden leaks. Now China has its own Snowden. According to research by specialists at Malwarebytes and SentinelOne, this is what happened: Data from a Chinese cybersecurity provider working for the Chinese government revealed a number of hacking tools and services. Although the…

Pawn Storm under the microscope

Pawn Storm (also APT28 or Forest Blizzard) is a group of APT actors characterized by persistent repetition in their tactics, techniques and procedures (TTPs). The group is known for still using its decade-old phishing email campaigns targeting high-value targets around the world. Although campaign methods and infrastructure gradually change over time, they still provide valuable information about Pawn Storm's infrastructure, including those used in more advanced campaigns. Trend Micro has the…

Russian APT group attacked Microsoft 
B2B Cyber Security ShortNews

According to its own information, Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors apparently had access to email accounts of high-ranking employees. However, the attackers are said to have had no access to the customer environments. On January 12, 2024, the Microsoft security team said it recognized an attack by a nation state on its corporate systems. A response process was then activated to disrupt the malicious activity, mitigate the attack, and deny further access to the threat actor. Microsoft has identified the threat actor as Midnight Blizzard, also known as Nobelium,…

Raid on ALPHV or BlackCat group?
B2B Cyber Security ShortNews

The ALPHV and BlackCat leak sites have been disrupted for days. Some of them cannot be accessed or do not show any content. In darknet forums, admins from other APT groups claim that the servers have been taken over by ALPHV. The Advanced Persistent Threat (APT) group ALPHV, also known as BlackCat, is a ransomware group that first emerged in November 2021. The group is known for carrying out sophisticated ransomware attacks on companies and organizations around the world. But for a few days now, the ransomware group's leak pages have either not been accessible or show no content. Darknet admins talk about…

EU and Ukraine in the attackers' sights
B2B Cyber Security ShortNews

The APT Activity Report shows that the EU, Israel and Ukraine are particularly affected by attacks by state-backed hacker groups. Cybercriminals pursue different goals with their actions: Russian hackers primarily want to support the war against Ukraine. Chinese groups particularly spy on government organizations and companies in the EU to obtain sensitive information. “Organizations around the world are facing increasingly frequent and sophisticated attacks,” said Jean-Ian Boutin, Director of ESET Threat Research, summarizing the report. “The ongoing cyber attacks on Ukraine and cyber espionage from China show that...

Hacker group exploits zero-day vulnerability
B2B Cyber Security ShortNews

Government agencies and a think tank in Europe were attacked by the APT group Winter Vivern. The hackers use so-called cross-site scripting attacks to exploit a zero-day vulnerability in the Roundcube webmail servers in use and then read (confidential) emails. Roundcube is an open source webmail software used by many government departments and organizations such as universities and research institutes. ESET recommends that users update to the latest available version of the software as soon as possible. ESET discovered the vulnerability on October 12, 2023 and immediately reported it to the Roundcube team, who reported the vulnerability two…

DE is most affected by ransomware compared to the EU

Small and medium-sized companies (SMEs) are increasingly the focus of cyber extortionists. The APT groups Lockbit, BlackCat and Clop (or Cl0p) are particularly active in terms of the number of their attacks. Compared to the EU, Germany is particularly heavily attacked. Trend Micro has released new analysis showing that a majority of recent ransomware attacks can be traced back to three major threat actors: Lockbit, BlackCat and Clop. The report also indicates that the number of new victims has increased by 47 percent since the second half of 2022. APT groups Lockbit, BlackCat…

APT Akira: Extremely active ransomware demands a large ransom 
B2B Cyber Security ShortNews

The Akira ransomware group quickly gained notoriety. The group emerged in March 2023 and was already the fourth most active group in August, demanding millions of dollars in ransom from its victims. Logpoint analyzed the tactics, techniques and processes. Akira primarily focuses on companies across a range of industries in the UK and US, including education, finance, real estate, manufacturing and consulting. “Akira has proven to be extremely active and has amassed an extensive list of victims in a short period of time. With each attack, the group evolves with additional capabilities,” says Swachchhanda Shrawan Poudel, Logpoint Security…

New malware WikiLoader targets businesses
B2B Cyber Security ShortNews

Experts have uncovered a new piece of malware, which they dubbed “WikiLoader”. Experts first observed the new malware when it was distributed by TA544 (Threat Actor 544), a group of cybercriminals that typically use Ursnif malware in their attacks to target companies primarily in Italy. As a result, Proofpoint was able to observe further cyber campaigns. WikiLoader is a sophisticated downloader designed to install another malware payload. The newly discovered malware includes remarkable obfuscation techniques and custom code implementations designed to make detection and analysis by cyber forensic scientists more difficult. The developers rent…

APT: Cooperation of Hive, Royal and Black Basta Ransomware
SophosNews

In its Clustering Attacker Behavior Reveals Hidden Patterns report, Sophos publishes new insights into connections between the most prominent ransomware groups of the past year: Hive, Black Basta and Royal. Recent attacks suggest that the three ransomware groups share playbooks or partners. As of January 2023, Sophos X-Ops had investigated four different ransomware attacks over a three-month period, one originating from Hive, two from Royal and one from Black Basta. Clear similarities between the attacks were found. Although Royal is considered a very closed group with no visible partners from underground forums...
