Researchers from Symantec have identified a state-sponsored hacking campaign targeting multiple organisations in Asian countries, including certificate authorities and government agencies. The APT group, named "Billbug", has been active since at least 2009 and has resurfaced with the primary motive of conducting espionage and stealing sensitive data. "The targeting of a certificate … Continue reading STATE SPONSORED APT GROUP TARGETS ORGANISATIONS FROM MULTIPLE ASIAN COUNTRIES.
Tiago Pereira and Caitlin Huey of Cisco Talos reported that "BlackCat appears to be a case of vertical business expansion. In essence, it's a way to gain control of the upstream supply chain by making a key service to their business (the RaaS operator) better suited to their needs and adding another source of revenue." … Continue reading Experts Track Down Some BlackMatter Affiliates Spreading BlackCat Ransomware.
TAG researcher Vlad Stolyarov reported that, "Initial access brokers are the opportunistic locksmiths of the security world. These groups specialise in breaching a target in order to provide the malicious actor with access to the doors or the Windows." TAG has launched a new initial access broker that it claims is closely associated with a … Continue reading Google Discovers A ‘Initial Access Broker’ Cooperating With The Conti Ransomware Gang.
Trend Micro researchers reported that, "The botnet's objective is to develop an infrastructure for additional attacks on high-value targets, given that none of the infected hosts belong to vital organisations or those that have an obvious value on economic, political or military espionage." Nearly a month after it was revealed that the malware used … Continue reading ASUS Routers Are Targeted By A New Variant Of The Russian Cyclops Blink Botnet.
According to Microsoft's Defender for IoT Research Team and Threat Intelligence Center (MSTIC), "TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems by using MikroTik routers as proxy servers for its C2 servers and redirecting traffic through non-standard ports." Microsoft stated on Wednesday that the TrickBot virus uses … Continue reading Hacked IoT Devices Are Used As Command- And Control Servers By The TrickBot Malware.