News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Day: group

Iran, North Korea, Russia: State hackers rely on ClickFix 
9 May 2025
| No comments
| Short news
B2B Cyber ​​Security ShortNews

State-sponsored hacking groups are increasingly adopting new social engineering techniques originally developed by commercially motivated cybercriminals. For example, ClickFix is ​​now also increasingly being used by North Korean, Iranian, and Russian groups in espionage campaigns. The ClickFix method uses fake error messages or supposed security warnings to trick unsuspecting users into manually entering malicious PowerShell commands into their systems. This direct user interaction helps criminals bypass conventional defenses such as automatic malware scans. ClickFix integrated into cyberattacks At the turn of the year, Proofpoint researchers observed for the first time how groups from North Korea (TA427), Iran (TA450), and Russia (UNK_RemoteRogue…

Read more

Rising star 2024: Ransomware group 8Base
June 18, 2024
| No comments
| Short news, TrendMicro
Trend Micro News

In a new analysis, Trend Micro focuses on the ransomware group 8Base. In the first months of 2024, it took second place on the list of the "most successful" ransomware actors - just behind LockBit. With the successful operation by international law enforcement agencies against Lockbit earlier this year, 8Base is expected to further expand its importance in the ransomware landscape. The 8Base group presents itself as a penetration tester in its external presentation and claims on its leak site that it is exclusively targeting companies that "underestimate the privacy and importance of their users' data".

Read more

Campaigns by cybercriminal group TA4903
March 17, 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Cybersecurity experts have identified new campaigns by cybercriminal group TA4903, which specializes in phishing and business email compromise (BEC, also known as CEO fraud). The group is a group of financially motivated cyber criminals who have recently made a name for themselves through large-scale email campaigns. US organizations in particular find themselves in the crosshairs of attackers, and occasionally companies from other parts of the world too. Proofpoint's key takeaways from TA4903: TA4903 has two main goals: credential phishing and BEC. The group regularly runs campaigns where they present themselves as…

Read more

CosmicBeetle attacks European organizations 
September 16, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The hacker group CosmicBeetle attacks organizations worldwide, especially European ones. The group uses the Spacecolon toolset to spread ransomware among its victims and extort ransoms. The attackers exploit the zero-logon vulnerability in web servers for their attacks. Alternatively, hackers resort to classic brute force attacks on RDP credentials to break into organizations. Spacecolon has been active since at least May 2020 to date. CosmicBeetle also operates globally The specialists at ESET were able to track CosmicBeetle and its tools worldwide. Countries in the European Union such as Spain, France, Belgium, etc. are particularly affected.

Read more

Microsoft discovers Storm-0978 spying phishing
July 16, 2023
| No comments
| PR News
Microsoft discovers Storm-0978 spying phishing

Microsoft has identified a phishing campaign by Russian threat actor Storm-0978 targeting defense and government agencies in Europe and North America. It's about financial data and espionage in the attack. Storm-0978 (DEV-0978; also referred to by other vendors as RomCom, the name of their backdoor) is a Russia-based cybercriminal group known for conducting opportunistic ransomware and extortion operations, as well as credential-targeting attacks. Storm-0978 operates, develops and distributes the RomCom backdoor. The actor also deploys the underground ransomware, which is closely related to the Industrial Spy ransomware, which first appeared in the wild in May 2022…

Read more

Lazarus Group Unleashes Backdoor DTrack on Businesses
18 December 2022
| No comments
| Kaspersky, Short news
Kaspersky_news

Notorious APT actor Lazarus is expanding its attacks and is now targeting companies in Europe, including Germany and Switzerland. The Kaspersky experts were able to identify attacks with the backdoor DTrack on two German chemical processing and manufacturing companies and one on a Swiss chemical processing company. Lazarus has been active since at least 2009 and has been blamed for cyber espionage, cyber sabotage and ransomware attacks. Initially, the group was focused on implementing what appeared to be a geopolitical agenda centered primarily on South Korea….

Read more

ESET: Cyber ​​espionage group Worok exposed
September 25, 2022
| No comments
| ESET, Short news
Eset_News

The targets of Worok cyber espionage are high-ranking institutions in the telecommunications, banking, energy, military, government and shipping sectors. The group is currently still targeting Asia, Africa and the Middle East. The Worok hacker group uses targeted attacks to spy on high-ranking institutions in Asia, Africa and the Middle East. Researchers from the European security manufacturer ESET have succeeded in uncovering the activities of the actors and analyzing their previously unknown tools. The group has been active since 2020, but has been on the road again since February 2022 after a longer break. Worok uses in-house developments The arsenal…

Read more

Findings on the Black Basta ransomware group
September 21, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Unit 42, Palo Alto Networks' malware analysis team, has released a report detailing the Black Basta ransomware group, which first appeared in April 2022 and has been on the rise ever since. Since the emergence of ransomware, members of the group have been very active in distributing and extorting companies. The attackers run a cybercrime marketplace and blog where the group lists their victims' names, descriptions, publication percentage, number of visits, and any data exfiltrated. Black Basta runs its own leak page Although the…

Read more

Lorenz ransomware slips through VoIP phone vulnerability 
September 18, 2022
| No comments
| PR News
Lorenz ransomware slips through VoIP phone vulnerability

Arctic Wolf recently investigated a Lorenz ransomware attack that used a vulnerability in the Mitel MiVoice VoIP appliance (CVE-2022-29499) for first access and Microsoft's BitLocker Drive Encryption for data encryption. Users of the VoIO solution should urgently run the security patches. Lorenz is a ransomware group that has been active since February 2021 at the latest and, like many ransomware groups, exfiltrates data from its attack target before encrypting the systems. In the most recent quarter, the group primarily targeted small and medium-sized businesses in the United States, but organizations in China and Mexico were also hit. SMEs…

Read more

Luna ransomware group uses OS-independent programming language 
August 19, 2022
| No comments
| Kaspersky, Short news
Kaspersky_news

Kaspersky researchers have identified a new ransomware group that further underlines the trend towards using cross-platform functionalities. The Luna group uses ransomware written in Rust. It allows malware to be easily adapted from one operating system to another. Using malware written in Rust, Luna can attack Windows, Linux, and ESXi systems at once. The Dark Web ad spotted by Kaspersky states that Luna only works with Russian-speaking partners. Additionally, the ransom note hard-coded in the binary contains some typos, which suggests…

Read more

© 2025 MedPressIT Selinger
Cookie Settings