ALERTS OPERATION
HOME APT BOTNET CAMPAIGN CRIME CRYPTOCURRENCY EXPLOIT HACKING GROUP OPERATION PHISHING RANSOM SPAM VIRUS VULNEREBILITY
DATE | NAME | CATEGORY | SUBCATE | INFO |
|
1.11.24 | HeptaX Cyberattack Operations | ALERTS | OPERATION | A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. When executed, the LNK file runs a PowerShell command that downloads additional payloads including scripts and BAT files from a remote server. These scripts create a new administrative user account and alter RDP settings to reduce authentication requirements, allowing attackers to gain remote access for further malicious actions such as data theft and malware installation. |
| 14.6.24 | Operation Celestial Force | ALERTS | OPERATION | A new malicious campaign dubbed 'Operation Celestial Force' has been reported by the researchers from Cisco Talos. The campaign has been active since at least 2018 and targeting Indian organizations from the defense, government and technology sectors. According to the published research, 'Operation Celestial Force' has been attributed to the threat group known as Cosmic Leopard. The attackers have been leveraging Android malware variant - GravityRAT as well as Electron-based Windows loader called HeavyLift. The attacks carried out by this APT group have been managed by a standalone custom tool called GravityAdmin, that centralizes execution of malicious actions on the compromised systems. |
| 8.4.24 | Operation HamsaUpdate | ALERTS | Operation | Operation HamsaUpdate is a recently identified campaign targeting Israeli customers using F5’s network devices. The attackers have been reported to leverage wiper malware targeting Windows servers (variant called Hatef) as well as Linux platform (variant called Hamsa). |