WIP26 is characterized by the abuse of public Cloud infrastructure – Microsoft 365 Mail, Microsoft Azure, Google Firebase, and Dropbox – for malware delivery, data exfiltration, and C2 purposes.

Group-IB researchers have identified two malicious campaigns from 2020 and 2021, respectively, carried out by SideWinder APT that were designed to steal cryptocurrency. The researchers found two new home-grown tools used by SideWinder APT during the ca…

The attackers use the same commercial online services that sales and marketing teams rely on to identify prospects and personalize communications. They also use Google Translate to translate their malicious emails into multiple languages.

Since January 2022, Trend Micro has been observing Earth Yako as it targets researchers in academic institutions and think tanks in Japan. They also observed a small number of attacks that appear to have targeted organizations in Taiwan.

Microsoft attributed the Chinese cyberespionage group DEV-0147 to a wave of attacks targeting diplomatic entities in South America. The group is also using the ShadowPad backdoor to maintain persistence. Experts suspect that the group uses phishing and…

Chinese 8220 Gang has been found enhancing its attack techniques, such as involving using malicious Docker images and exploiting Struts2, Redis, and Weblogic servers, to launch cryptomining attacks. Some of these attacks leveraged vulnerable Oracle Web…

Lookout Security published a report describing the activities of a new APT actor dubbed Dark Caracal that has claimed hundreds of infections in more than a dozen countries since March of 2022. The APT is currently using a new version of Bandook spyware…

The North Korean Lazarus APT group has laundered over $100 million in cryptocurrency since October 2022, through a new single crypto mixer, named Sinbad – found blockchain analysts. Last year, the U.S. Treasury’s Office of Foreign Assets Control (OFAC)…

A new joint advisory warns of North Korean hackers that are involved in ongoing ransomware attacks against healthcare systems in South Korea and the U.S. According to the advisory, the modus operandi of the attacks includes North Korean hackers acquiri…

North Korean hackers have found a way around U.S.-imposed sanctions to launder the cryptocurrency proceeds from their heists, according to evidence discovered by blockchain analysts.