North Korean hackers pave the way for Play ransomware

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo …

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM…

Microsoft Teams phishing: Enterprises targeted by ransomware access broker

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,…

Attackers use portable executables of remote management software to great effect

Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federa…

Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands

The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are leveraging a specific version of the Somnia ransomware that, “according to …

Cisco has been hacked by a ransomware gang

U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. #Yanluowang #ransomware is claiming to have breached #Cisco ! Without any further info…

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered by Rapid7 researcher Jake Baines and disclosed to Zyxel on April 13, it was f…

The TTPs of Conti’s initial access broker

Automation might be the way to go for many things, but a recently published report by Google’s Threat Analysis Group (TAG) shows why targeted phishing campaigns performed by human operators are often successful, and how the Conti ransomware gang …