Group
DATE | NAME | CATEGORY | SUBCATE | INFO |
28.10.24 | UNC5812 | GROUP | GROUP | Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives |
28.10.24 | Crypt Ghouls | GROUP | GROUP | Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia |
27.10.24 | Water Makara | GROUP | GROUP | Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware |
27.10.24 | UAT-5647 | GROUP | APT | UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants |
27.9.24 | Embargo | GROUP | RANSOMWARE | Embargo Ransomware Group Strikes DME Delivers in Cyber Attack |
27.9.24 | DragonForce | GROUP | RANSOMWARE | Inside the Dragon: DragonForce Ransomware Group |
26.9.24 | BlackJack | GROUP | Hacktivist | BlackJack is a hacktivist group that emerged at the end of 2023, targeting companies based in Russia. In their Telegram channel, the group states that it aims to find vulnerabilities in the networks of Russian organizations and government institutions. |
22.9.24 | Marko Polo | GROUP | GROUP | “Marko Polo” Navigates Uncharted Waters With Infostealer Empire |
21.9.24 | TWELVE | GROUP | GROUP | -=TWELVE=- is back |
13.9.24 | DragonRank | GROUP | GROUP | DragonRank, a Chinese-speaking SEO manipulator service provider |
11.9.24 | CosmicBeetle | GROUP | RANSOMWARE | CosmicBeetle steps up: Probation period at RansomHub |
9.9.24 | Unit 29155 | GROUP | Military group | Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure |
5.9.24 | Head Mare | GROUP | GROUP | Head Mare: adventures of a unicorn in Russia and Belarus |
21.8.24 | UTG-Q-010 | GROUP | GROUP | UTG-Q-010: Targeted Attack Campaign Against the AI and Gaming Industry |
21.8.24 | TA453 | GROUP | GROUP | Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset |
15.8.24 | Actor240524 | GROUP | APT | New APT Group Actor240524: A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel |
6.8.24 | Moonstone Sleet | GROUP | GROUP | Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access |
2.8.24 | | GROUP | | Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies |
27.7.24 | Handala Hacking Team | GROUP | GROUP | Handala Hack: What We Know About the Rising Threat Actor |
27.7.24 | Cuckoo Spear | GROUP | GROUP | Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. |
26.7.24 | APT45 | GROUP | APT | APT45: North Korea’s Digital Military Machine |
25.7.24 | Patchwork | GROUP | GROUP | The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell |
24.7.24 | | | Espionage | Daggerfly: Espionage Group Makes Major Update to Toolset |
23.7.24 | VIGORISH VIPER | GROUP | GROUP | GAMBLING IS NO GAME: DNS LINKS BETWEEN CHINESE ORGANIZED CRIME AND SPORTS SPONSORSHIPS |
23.7.24 | FLUXROOT | GROUP | HACKING | A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. |
23.7.24 | Prolific Puma | GROUP | Ransomware | Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma |
19.7.24 | UNC5537 | GROUP | GROUP | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion |
18.7.24 | TAG-100 | GROUP | GROUP | TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies |
16.7.24 | MuddyWater | GROUP | GROUP | MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign |
16.7.24 | Void Banshee | GROUP | GROUP | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks |
14.7.24 | CRYSTALRAY | GROUP | GROUP | CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools |
30.6.24 | Unfurling Hemlock | GROUP | GROUP | Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware |
30.6.24 | KADOKAWA | GROUP | GROUP | Service Outages on Multiple Websites of the KADOKAWA Gro |
27.6.24 | ChamelGang | Group | Gang | ChamelGang & Friends – Cyberespionage Groups Attacking Critical Infrastructure with Ransomware |
26.6.24 | FIN9 | GROUP | APT | Inside the DEA Tool Hackers Allegedly Used to Extort Targets |
26.6.24 | ExCobalt | GROUP | Cyber Gang | ExCobalt: GoRed, the hidden-tunnel technique |
19.6.24 | UNC3886 | GROUP | CAMPAIGN | Cloaked and Covert: Uncovering UNC3886 Espionage Operations |
14.6.24 | UNC4899 | GROUP | GROUP | Insights on Cyber Threats Targeting Users and Enterprises in Brazil |
11.6.24 | UNC5537 | GROUP | GROUP | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion |
10.6.24 | Sticky Werewolf | GROUP | GROUP | Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks |
7.6.24 | | GROUP | | Ghostwriter is referred to as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself. |
7.6.24 | | | Cryptojacking | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers |
3.6.24 | | | APT | Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group) |
31.5.24 | UAC-0006 | Group | Group | UAC-0006 is a financially motivated threat actor that has been active since at least 2013. They primarily target Ukrainian organizations, particularly accountants, with phishing emails containing the SmokeLoader malware. Their goal is to steal credentials and execute unauthorized fund transfers, posing a significant risk to financial systems. |
31.5.24 | FlyingYeti | Group | Group | Cloudforce One is publishing the results of our investigation and real-time effort to detect, deny, degrade, disrupt, and delay threat activity by the Russia-aligned threat actor FlyingYeti during their latest phishing campaign targeting Ukraine. |
30.5.24 | LilacSquid | Group | Group | The stealthy trilogy of PurpleInk, InkBox and InkLoader |
29.5.24 | Moonstone Sleet | Group | APT | Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks |
27.5.24 | Storm-0539 | Group | Group | Navigating cyberthreats and strengthening defenses in the era of AI |
25.5.24 | | Group | | Space Pirates: analyzing the tools and connections of a new hacker group |
25.5.24 | | Group | | No sleep until the Cybercrime Fighters Club is done with finding the answer as to who is behind this new ransomware-as-a-service affiliate. |
24.5.24 | | | APT | SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN |
23.5.24 | | Group | | Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea |
21.5.24 | Void Manticore | Group | Group | BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL |
21.5.24 | GitCaught | Group | Group | GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure |
18.5.24 | Kinsing | Group | Hacking | Kinsing Demystified A Comprehensive Technical Guide |
16.5.24 | Storm-1811 | Group | Group | Threat actors misusing Quick Assist in social engineering attacks leading to ransomware |
19.4.24 | FIN7 | Group | APT | Threat Group FIN7 Targets the U.S. Automotive Industry |
16.4.24 | Muddled Libra | Group | Group | Muddled Libra also uses the legitimate scalability and native functionality of CSP services to create new resources to assist with data exfiltration. All CSPs have terms of service (TOS) policies that explicitly prohibit activities like those performed by Muddled Libra. |
12.4.24 | TA547 | Group | Group | Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer |
11.4.24 | | Group | | There is no indication that this campaign is linked to any known group; however, we are tracking the threat actors behind it under the moniker Virtual Invaders. |
9.4.24 | Starry Addax | Group | Group | Starry Addax targets human rights defenders in North Africa with new malware |
5.4.24 | UTA0178 | Group | Group | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the incident which primarily consisted of webshells, proxy utilities, and file modifications to allow credential harvesting. |
5.4.24 | CoralRaider | Group | Group | CoralRaider targets victims’ data and social media accounts |
2.4.24 | Earth Freybug | Group | Group | This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON. |
28.3.24 | NARWHAL SPIDER | Group | APT | NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by bringing in INDRIK SPIDER as a customer. |
27.3.24 | Earth Krahang | Group | APT | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks |
27.3.24 | Earth Lusca | Group | APT | Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections |
27.3.24 | BRONZE VINEWOOD | Group | APT | DETAILS ON BRONZE VINEWOOD, IMPLICATED IN TARGETING OF THE U.S. ELECTION CAMPAIGN |
26.3.24 | Lord Nemesis Strikes | Group | Hacktivism | Lord Nemesis Strikes: Supply Chain Attack on the Israeli Academic Sector |
26.3.24 | TA450 | Group | APT | Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign |
24.3.24 | Springtail | Group | APT | Springtail APT group abuses valid certificate of known Korean public entity |
24.3.24 | Kimsuky | Group | APT | The Updated APT Playbook: Tales from the Kimsuky threat actor group |
22.3.24 | UNC302 | Group | Group | BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense, engineering, pharmaceutical and technology companies |
22.3.24 | UNC3886 | Group | Group | UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. UNC3886 has been observed targeting firewall and virtualization technologies which lack EDR support. |
22.3.24 | UNC5221 | Group | Group | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the incident which primarily consisted of webshells, proxy utilities, and file modifications to allow credential harvesting. |
20.3.24 | | Group | | Andariel Group (MeshAgent) is attacking by abusing domestic asset management solutions |
18.3.24 | | Group | | Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns |
14.3.24 | APT-C-36 | Group | APT | Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc. |
14.3.24 | DarkCasino | Group | APT | DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online credit platforms. They are skilled at stealing passwords to access victims' online accounts and have been active for over a year. DarkCasino exploits vulnerabilities, such as the WinRAR vulnerability CVE-2023-38831, to launch phishing attacks and steal online property. |
11.3.24 | BianLian | Group | Ransomware | BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. |
7.3.24 | Evasive Panda | Group | APT | Evasive Panda is an APT group that has been active since at least 2012, conducting cyberespionage targeting individuals, government institutions and organizations. |
7.3.24 | TA4903 | Group | Phishing | TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids |
7.3.24 | 8220 Mining Group | Group | Cryptocurrency | Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their operations are PwnRig or DBUsed which are customized variants of the XMRig Monero mining software. |
6.3.24 | GhostSec | Group | Ransomware | GhostSec is a hacktivist group that emerged as an offshoot of Anonymous. They primarily focused on counterterrorism efforts and monitoring online activities associated with terrorism. They gained prominence following the 2015 Charlie Hebdo shooting in Paris and the rise of ISIS. |
6.3.24 | UNC1945 | Group | APT | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromised networks. UNC1945 has demonstrated advanced technical abilities, utilizing various tools and techniques to evade detection and move laterally through networks. |
6.3.24 | APT32 | Group | APT | Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests. |
6.3.24 | Kimsuky | Group | APT | JOINT CYBERSECURITY ADVISORY North Korean Advanced Persistent Threat Focus: Kimsuky |
5.3.24 | TA577 | Group | Group | TA577’s Unusual Attack Chain Leads to NTLM Data Theft |
2.3.24 | Scattered Spider | Group | Hacking | Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing. |
2.3.24 | BlackTech | Group | CyberSpy | BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology. |
2.3.24 | Peach Sandstorm | Group | APT | Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. |
2.3.24 | LightBasin | Group | APT | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromised networks. |
1.3.24 | UNC1549 | BigBrother | CyberSpy | When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors |
1.3.24 | UNC3886 | Group | Group | UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. UNC3886 has been observed targeting firewall and virtualization technologies which lack EDR support. |
1.3.24 | Tortoiseshell | Group | Group | A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. |
1.3.24 | Bohrium | Group | Group | Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. |
19.2.24 | TAG-70 | Group | Group | Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign |
6.2.24 | | Group | | Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region |
3.2.24 | COLDRIVER | Group | Group | The Coldriver Group, also known as Callisto and SEABORGIUM, is a threat actor known to attack government organizations, think tanks, and journalists in Europe and the Caucasus regions through spearphishing campaigns. |
3.2.24 | Shuckworm | Group | Group | Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine |
3.2.24 | LitterDrifter | Group | Group | Malware Spotlight – Into the Trash: Analyzing LitterDrifter |
3.2.24 | UAC-0027 | Group | Group | UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware |
2.2.24 | UNC5221 | Group | CyberSpy | UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant |
2.2.24 | Volt Typhoon | Group | Group | [Microsoft] Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises. |
1.2.24 | UNC4990 | Group | Group | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths |
19.1.24 | COLDRIVER | Group | Group | Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware |