CryptNet A Novel Ransomware-as-a-Service
Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: CryptNet is a new ransomware-as-a-service group that employs data exfiltration and .NET code. Currently, it has two victims listed on its data leak site.
Camaro Dragon Targets European Foreign Affairs with Malicious Firmware Implant
Threat Level Actor Report. Summary: Camaro Dragon is a Chinese state-sponsored advanced persistent threat (APT) group that has been targeting European foreign affairs entities. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.
Apple Patches Three Exploited Zero-Day Vulnerabilities in macOS
Threat Level Vulnerability Report. Summary: Apple addresses three exploited zero-day vulnerabilities in macOS, fixing sandbox escape and code execution issues in the WebKit browser engine.
Unveiling the Minas Miner’s Deceptive Tactics
Threat Level Attack Report. Summary: Minas is a multi-stage cryptocurrency miner with a concealed presence. It evades detection through encryption, randomization, and persistence techniques, showcasing determined network compromise.
MEME#4CHAN The Unconventional Phishing Campaign Spreading XWorm
Threat Level Attack Report. Summary: A persistent cyber threat known as MEME#4CHAN has emerged, characterized by an intricate phishing campaign. This cluster of malicious activity employs a distinctive attack chain methodology, successfully infiltrating targeted systems and …
8220 Gang Exploiting Vulnerabilities in Cloud Environments for Cryptocurrency Mining
Threat Level Actor Report. Summary: The 8220 Gang is a cyber threat group that targets cloud and container environments, exploiting vulnerabilities in applications like Oracle WebLogic, Apache Log4j, and Atlassian Confluence.
Rancoz Ransomware Employs Advanced Techniques to Encrypt Victims’ Files
Threat Level Attack Report. Summary: Rancoz ransomware demonstrates the growing danger of tailored ransomware strains, leveraging advanced encryption techniques.
Water Orthrus Targets Chinese Users with CopperStealth and CopperPhish
Threat Level Attack Report. Summary: Water Orthrus has recently launched two new campaigns, CopperStealth and CopperPhish, where CopperStealth employs rootkit techniques, while CopperPhish globally distributes a phishing kit through PPI networks.
RA Group’s Custom Ransomware Hits US & South Korea
Threat Level Attack Report. Summary: The emergence of the RA ransomware group highlights the utilization of the recently leaked Babuk ransomware source code as they employ it to develop their variant of the malware.
Lancefly APT Group Deploys Custom Backdoor ‘Merdoor’ in Targeted Attacks
Threat Level Actor Report. Summary: The Lancefly APT group targets South and Southeast Asia using the Merdoor backdoor and an updated ZXShell rootkit. Their attack chain involves credential theft, lateral movement, file staging, and encryption, and …