Tracking the Malicious Email Campaigns of Russia-Aligned TA499
Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary TA499 is a group of threat actors aligned with the Russian state that engages in impersonation-based, patriotically motivated misinformation campaigns. They use email to target …
Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks
Threat Level Attack Report Summary Cybercriminals are using Microsoft OneNote’s ability to embed files to deliver malware to users via social engineering techniques. OneNote allows users to organize information and …
SYS01 Stealer Targets Government and Manufacturing Industry
Threat Level Attack Report Summary The SYS01 stealer has been targeting critical government infrastructure employees, manufacturing companies, and other industries, and using various delivery techniques, including DLL side-loading, to steal …
ImBetter Stealer Malware Targets Cryptocurrency Wallets
Threat Level Attack Report Summary ImBetter Stealer malware steals sensitive data and cryptocurrency wallets by tricking users into downloading it through phishing websites that mimic popular crypto wallets and online …
RedLine Stealer Used in Spear-Phishing Campaign Targeting Hospitality Industry
Threat Level Attack Report Summary A spear-phishing campaign targeting the hospitality industry used subject lines and text to trick hotel staff into clicking on malicious links that led to the …
Hiatus Hacking Campaign Targets DrayTek Vigor Routers to Steal Data
Threat Level Attack Report Summary A malware campaign called “Hiatus” targets business-grade routers, specifically DrayTek Vigor models 2960 and 3900 running an i386 architecture. The campaign started in July …
Multiple Vulnerabilities Found in Cisco IP Phones Web-Based Management Interface
Threat Level Vulnerability Report Summary Cisco has disclosed two high-severity vulnerabilities affecting its IP phones, with one causing remote code execution (RCE) and the other enabling denial-of-service (DoS) attacks. Both …
Unveiling the Malicious Tactics of LokiBot Malware
Threat Level Attack Report Summary LokiBot is a constantly evolving information-stealing malware that creates a backdoor on infected machines to collect sensitive data, and it uses ISO files and API …
Two New Vulnerabilities Discovered in TPM 2.0 Library
Threat Level Vulnerability Report Summary The Trusted Platform Module (TPM) 2.0 specification, a hardware-based technology used to provide tamper-resistant secure cryptographic functions, is affected by two buffer overflow vulnerabilities. These …
Royal Ransomware Targets Organizations with Custom Encryption and Double Extortion Tactics
Threat Level Attack Report Summary Since September 2022, threat actors have been attacking both US and international organizations using a version of ransomware called Royal. This ransomware is unique because …