A Zero-Day Vulnerability Found in Barracuda Email Security Gateway
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Zero-day Vulnerability Exploited in Barracuda Email Security Gateway Appliances, Promptly Patched, and a Subset of Customers Notified; Other Barracuda Products are Unaffected. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn. …
GUI-Vil Threat Group Exploits AWS for Crypto Mining
Threat Level Attack Report Summary GUI-Vil (p0-LUCR-1), an Indonesian threat group, conducts unauthorized cryptocurrency mining using personalized infiltration tactics. They exploit AWS, leveraging compromised credentials and vulnerabilities like CVE-2021-22205. …
Unveiling the Stealthy Operations of GoldenJackal APT Group
Threat Level Actor Report Summary GoldenJackal is an APT group targeting government and diplomatic entities in the Middle East and South Asia. Their advanced capabilities include a range of .NET malware tools for gaining control, stealing …
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level Attack Report Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. …
Advanced BlackCat Ransomware Using Triple Extortion Tactics and Signed Kernel Driver
Threat Level Attack Report Summary The BlackCat ransomware operation is a highly sophisticated and customizable threat targeting corporate environments, featuring advanced encryption, spreading capabilities, and triple extortion tactics. It utilizes a signed kernel driver for defense …
APT28’s Cyber Espionage Campaigns Targeting Ukraine
Threat Level Attack Report Summary The APT28 intrusion group, linked to the Russian GRU and renowned for its cyber espionage and sabotage endeavors, was observed employing various phishing methodologies to target the Ukrainian civic community. To …
MichaelKors Ransomware Targets Linux and VMware ESXi Systems with Hypervisor Jackpotting
Threat Level Attack Report Summary MichaelKors ransomware, a new RaaS operation, has been targeting Linux and VMware ESXi systems since April 2023, utilizing the tactic of “hypervisor jackpotting” to gain unrestricted access and encrypt files, posing …
CryptNet A Novel Ransomware-as-a-Service
Threat Level Attack Report Summary CryptNet is a new ransomware-as-a-service group that employs data exfiltration and .NET code. Currently, it has two victims listed on its data leak site. …
Camaro Dragon Targets European Foreign Affairs with Malicious Firmware Implant
Threat Level Actor Report Summary Camaro Dragon is a Chinese state-sponsored advanced persistent threat (APT) group that has been targeting European foreign affairs entities. …
Apple Patches Three Exploited Zero-Day Vulnerabilities in macOS
Threat Level Vulnerability Report Summary Apple addresses three exploited zero-day vulnerabilities in macOS, fixing sandbox escape and code execution issues in the WebKit browser engine. …