PowerExchange Backdoor and Web Shells Breach at UAE Government Agency
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A high-severity attack targeted a UAE government agency, utilizing a custom PowerShell backdoor named PowerExchange and web shells on Microsoft Exchange servers. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn. …
Pikabot A Stealthy Backdoor with Ingenious Evasion Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Pikabot, a sophisticated backdoor evades analysis with anti-analysis measures like the “sleep” function, uses NtContinue API, employs language-based execution cessation, and shows connections to Qakbot trojan. To receive real-time threat advisories, …
A Zero-Day Vulnerability Found in Barracuda Email Security Gateway
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Zero-day Vulnerability Exploited in Barracuda Email Security Gateway Appliances, Promptly Patched, and a Subset of Customers Notified; Other Barracuda Products are Unaffected. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn. …
GUI-Vil Threat Group Exploits AWS for Crypto Mining
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GUI-Vil (p0-LUCR-1), an Indonesian threat group, conducts unauthorized cryptocurrency mining using personalized infiltration tactics. They exploit AWS, leveraging compromised credentials and vulnerabilities like CVE-2021-22205. To receive real-time threat advisories, please follow …
Unveiling the Stealthy Operations of GoldenJackal APT Group
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary GoldenJackal is an APT group targeting government and diplomatic entities in the Middle East and South Asia. Their advanced capabilities include a range of .NET malware tools for gaining control, stealing …
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-time threat advisories, please …
Advanced BlackCat Ransomware Using Triple Extortion Tactics and Signed Kernel Driver
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BlackCat ransomware operation is a highly sophisticated and customizable threat targeting corporate environments, featuring advanced encryption, spreading capabilities, and triple extortion tactics. It utilizes a signed kernel driver for defense …
Actors, Threats and Vulnerabilities 15 to 21 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made significant discoveries in the field of cybersecurity threats. In the past week, they uncovered a total of eight attacks that were executed, taking advantage of five different vulnerabilities across various systems. …
APT28’s Cyber Espionage Campaigns Targeting Ukraine
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The APT28 intrusion group, linked to the Russian GRU and renowned for its cyber espionage and sabotage endeavors, was observed employing various phishing methodologies to target the Ukrainian civic community. To …
MichaelKors Ransomware Targets Linux and VMware ESXi Systems with Hypervisor Jackpotting
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MichaelKors ransomware, a new RaaS operation, has been targeting Linux and VMware ESXi systems since April 2023, utilizing the tactic of “hypervisor jackpotting” to gain unrestricted access and encrypt files, posing …