Gil Fromovitch, our VP of Sales in EMEA and APAC, joined an interview with BusinessMirror to talk about the Chinese-backed 'Mustang Panda' group attacks on Philippine government agencies. Amid heightened geopolitical tensions between China and the Philippines in the South China Sea and motivated by cyber espionage, these attacks are initiated using fraudulent PDF and antivirus software to lure victims to download these payloads. Read more on the BusinessMirror article below: Special shoutout to Noel Anthony Llimos for the report. #Philippines #Geopolitics #CyberEspionage
Cyberint, a Check Point Company’s Post
More Relevant Posts
-
Talos Intelligence has uncovered a sophisticated cyber campaign orchestrated by the threat actor SneakyChef. This operation utilizes the SugarGh0st RAT and other malware to target government agencies, research institutions, and organizations globally. The campaign, which started in early August 2023 targeting users in Uzbekistan and South Korea, has now expanded to include a broader geographical area, encompassing:
1. EMEA: Angola, Turkmenistan, Kazakhstan, India, Saudi Arabia, and Latvia
2. Asia: India, Uzbekistan, and Kazakhstan
3. Europe: Latvia and Lithuania
The attackers employ decoy documents designed to impersonate government agencies and research institutions, enticing victims with:
1. Government-themed lures: Circulars, reports, and announcements purportedly from ministries and embassies.
2. Research conference-themed lures: Abstracts, application forms, and invitations to conferences.
~First Hackers News
To continue reading this article, click on this link >>> https://lnkd.in/giHe5YRM
#talos #cybercampaign #threatactor #sneakychef #sugargh0st #malware #attackers #cyberdefense #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews
SneakyChef and SugarGhost, newly identified RAT malware strains -
https://firsthackersnews.com
-
GoldenJackal, a cyber threat actor, has been targeting embassies and government organizations, particularly aiming to breach air-gapped systems with custom malware delivered via infected USB drives. Victims include a South Asian embassy in Belarus and an E.U. government body. Using tools like JackalWorm and GoldenDealer, the group exfiltrates data from high-security networks, showcasing a sophisticated understanding of network segmentation and persistence in targeting isolated systems. https://lnkd.in/eNZ_M-Xt
GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets
thehackernews.com
-
Russia-linked Vermin hackers target Ukraine with new malware strain. Key takeaways: 1. Using deceptive tactics, the pro-Russian hacker group Vermin is using imagery related to Ukraine's recent offensive to distribute malware, heightening concerns over cyber warfare. It is believed to act on behalf of the Kremlin, indicative of state-sponsored cyber attacks escalating in geopolitical unrest. 2. Vermin has deployed the previously known Spectr spyware and a new malware called Firmachagent, showcasing an evolving offensive strategy against Ukraine. Given Spectr's past use in spying on Ukraine's defense, this signals a potentially increased interest in state secrets. 3. Amid false news reports and disinformation campaigns targeting the beleaguered region, the role of cyberattacks in influencing political narratives becomes evident—highlighting the necessity of robust cyber defenses in preserving information integrity and national security. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/dVqzsmCT
Russia-linked Vermin hackers target Ukraine with new malware strain
therecord.media
-
A new report from Mandiant revealed the increasing cyber threats faced by Mexico, with a complex mix of global espionage and local cybercrime targeting both users and enterprises. As the world’s 12th largest economy, Mexico is an attractive target for cyber actors from nations like China, North Korea, and Russia, as well as financially motivated cybercriminals. Since 2020, cyber espionage groups from over 10 nations have been detected attempting to infiltrate Mexican organizations. Among these, actors linked to the People’s Republic of China (PRC), North Korea, and Russia have been the most active, with China accounting for a third of government-backed phishing activity. Chinese actors are particularly focused on Mexico’s government agencies, education institutions, and news organizations, mirroring similar targeting patterns seen in regions where China has significant investments. https://lnkd.in/e8M_R_7m
Cyber Threats Intensify in Mexico: Insights from Mandiant on Espionage and Extortion
https://securityonline.info
-
Iranian National Charged for Multi-Year Hacking Campaign Targeting U.S. Defense Contractors and Private Sector Companies. Defendant Conducted Cyberattacks While Employed by Iranian Company that Purported to Provide Cybersecurity Services. "The Justice Department unsealed an indictment charging an Iranian national with involvement in a cyber-enabled campaign to compromise U.S. governmental and private entities, including the U.S. Departments of the Treasury and State, defense contractors, and two New York-based companies. According to court documents, from at least in or about 2016 through in or about April 2021, Alireza Shafie Nasab, 39, of Iran, and other co-conspirators were members of a hacking organization that participated in a coordinated multi-year campaign to conduct and attempt to conduct computer intrusions. These intrusions targeted more than a dozen U.S. companies and the U.S. Departments of the Treasury and State. Nasab remains at large." https://lnkd.in/e32M5_nn
Iranian National Charged for Multi-Year Hacking Campaign Targeting U.S. Defense Contractors and Private Sector Companies
justice.gov
-
According to Reuters: The Biden administration on Thursday announced plans to ban the sale of antivirus software made by Russia's Kaspersky Lab in the United States, with Commerce Secretary Gina Raimondo saying that Russia's influence over the company poses a significant security risk. "Russia has shown it has the capacity and ... the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans and that is why we are compelled to take the action that we are taking today," Raimondo said on a briefing call with reporters. May I ask, do any serious companies rely on Russian anti-virus systems? Well knowing that most attacks come from Russian state-funded hacker groups.... #security #IT #cyber #antivirus #stoprussia #Ukraine #US Source: https://lnkd.in/d47MJQVg
-
Google's Threat Analysis Group (TAG) has reported that an Iranian state-sponsored hacking group, Charming Kitten, has targeted the 2024 US presidential campaigns of Donald Trump, Joe Biden, and Kamala Harris. The group, also known as APT35, "consistently targets high-profile users in Israel and the US," the TAG writes. Associated with the Islamic Revolutionary Guard Corps, APT35 uses #malware, #phishing websites and #MaliciousLinkRedirects among many other techniques. "Today, TAG continues to observe unsuccessful attempts from APT42 to compromise the personal accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump, including current and former government officials and individuals associated with the campaigns." More at #Proactive #ProactiveInvestors #TechBytes #CyberSecurity #CyberAttack #DataBreach #ThreatAnalysisGroup #Espionage #IranCampaignHack #CharmingKitten http://ow.ly/nHWm105FzZR
Tech Bytes: Google confirms Iran-backed hackers are targeting US presidential campaigns
proactiveinvestors.com.au
-
#SmokeLoader, an #infostealer, has been used by threat group UAC-0006 in #SpearPhishing campaigns against the Ukrainian government and its finance sector. A collaborative report by Palo Alto Networks Unit 42 and Ukraine dives into geopolitical aspects of cybersecurity. #Malware #Dofoil #Sharik #infostealer #backdoor #Russia
Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor
unit42.paloaltonetworks.com