LockBit ransomware group’s attempt to create a macOS version of their malware has been discovered by researchers. The malware is capable of encrypting files on Mac devices, but it does not seem to pose any real risk. Patrick Wardle, a security expert, has conducted an analysis of the macOS LockBit version and found that the…
Cybersecurity company Darktrace recently issued a statement after it was named on the leak website of the LockBit ransomware group. Darktrace reported that they had investigated the situation and found no evidence of compromise or any customer data being accessed. It appears that Darktrace was not hacked or even targeted by LockBit, but rather the…
Cybersecurity researchers have detailed the tactics of a “rising” cybercriminal gang called “Read The Manual” (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. The group started off in 2015 as a banking malware targeting businesses in Russia via drive-by downloads, spam, and phishing emails.…
The threat actor known as the Lazarus Group, believed to be based in North Korea, has shifted its focus and rapidly evolved its tools and tactics as part of a long-running activity called DeathNote. This nation-state adversary is known for its persistent attacks on the cryptocurrency sector, but has also targeted automotive, academic, and defense…
A Chinese hacking group that is likely state-sponsored and has been linked previously to attacks on U.S. state government computers is still “highly active” and is focusing on a broad range of targets that may be of strategic interest to China’s government and security services, according to a new report from a private American cybersecurity…
Mar 30, 2023 saw the uncovering of a custom Windows and Linux backdoor called KEYPLUG, attributed to the Chinese state-sponsored threat activity group RedGolf. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Manidant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.…
Mar 29, 2023 saw the attribution of a new North Korean nation-state cyber operator, APT43, to a series of campaigns designed to gather strategic intelligence and generate funds in alignment with Pyongyang’s geopolitical interests. Mandiant, tracking the group’s activity, revealed its primary mission is to collect strategic intelligence, while its attack campaigns are also financially-motivated.…
Threat hunters at Mandiant have uncovered yet another North Korean hacking group that is funding its cybercrime operations to support espionage campaigns against South Korean and U.S.-based government organizations. The Google-owned incident response forensics firm has flagged the group as APT43 and warns that it is a “moderately-sophisticated cyber operator that supports the interests of…
On Friday, the Australian Federal Police (AFP) announced the arrest of four individuals accused of being involved in business email compromise (BEC) and other types of online fraud. The cybercrime group is believed to have operated approximately 180 bank accounts to transfer stolen money out of Australia, and over the course of three years, the…