threat groups – Experimental News Clipping Site

The Register: Malware variants that target operational tech systems are very rare – but 2 were found last year

Feb 25, 2025

—

by

Source URL: https://www.theregister.com/2025/02/25/new_ics_malware_dragos/ Source: The Register Title: Malware variants that target operational tech systems are very rare – but 2 were found last year Feedly Summary: Fuxnet and FrostyGoop were both used in the Russia-Ukraine war Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last…

Slashdot: Encrypted Messages Are Being Targeted, Google Security Group Warns

Feb 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/02/22/0724228/encrypted-messages-are-being-targeted-google-security-group-warns?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Encrypted Messages Are Being Targeted, Google Security Group Warns Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses emerging threats to secure messaging applications, particularly focusing on Signal, WhatsApp, and Telegram, as they are actively targeted by Russian-aligned threat groups. It emphasizes the evolving tactics being used…

Cloud Blog: Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger

Feb 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/ Source: Cloud Blog Title: Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger Feedly Summary: Written by: Dan Black Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services. While this…

Cloud Blog: Cybercrime: A Multifaceted National Security Threat

Feb 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/ Source: Cloud Blog Title: Cybercrime: A Multifaceted National Security Threat Feedly Summary: Executive Summary Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders’ resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this…

Unit 42: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

Jan 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/?p=138128 Source: Unit 42 Title: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia Feedly Summary: A Chinese-linked espionage campaign targeted entities in South Asia using rare techniques like DNS exfiltration, with the aim to steal sensitive data. The post CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia appeared first…

Cloud Blog: ScatterBrain: Unmasking the Shadow of PoisonPlug’s Obfuscator

Jan 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator/ Source: Cloud Blog Title: ScatterBrain: Unmasking the Shadow of PoisonPlug’s Obfuscator Feedly Summary: Written by: Nino Isakovic Introduction Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as “ScatterBrain," facilitating…

The Register: Ransomware scum make it personal for <i>Reg</i> readers by impersonating tech support

Jan 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/22/ransomware_crews_abuse_microsoft_teams/ Source: The Register Title: Ransomware scum make it personal for <i>Reg</i> readers by impersonating tech support Feedly Summary: That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems Two ransomware campaigns are abusing Microsoft Teams to infect organizations and steal data,…

Cloud Blog: Backscatter: Automated Configuration Extraction

Jan 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/backscatter-automated-configuration-extraction/ Source: Cloud Blog Title: Backscatter: Automated Configuration Extraction Feedly Summary: Written by: Josh Triplett Executive Summary Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in…

The Register: How Androxgh0st rose from Mozi’s ashes to become ‘most prevalent malware’

Dec 24, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/24/androxgh0st_botnet_mozi/ Source: The Register Title: How Androxgh0st rose from Mozi’s ashes to become ‘most prevalent malware’ Feedly Summary: Botnet’s operators ‘driven by similar interests as that of the Chinese state’ After the Mozi botnet mysteriously disappeared last year, a new and seemingly more powerful botnet, Androxgh0st, rose from its ashes and has quickly…

Microsoft Security Blog: Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

Dec 13, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/ Source: Microsoft Security Blog Title: Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine Feedly Summary: Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and…

Tag: threat groups