The Cybersecurity Dossier - Aug 18, 2023

Threat Actor in Focus: APT29 Exploits Duke Malware in Recent NATO Government Espionage Campaign

In a recent observation, a Russian-sponsored Advanced persistent group named APT29 group has recently undertaken cyber espionage against NATO government agencies. APT29 believed to be guided by Russia's Foreign Intelligence Service (SVR), primarily targets governments, political groups, research institutions, and critical sectors such as energy, healthcare, and finance across the U.S. and Europe.?

READ MORE

TRACKING RANSOMWARE – JULY 2023

The CYFIRMA Monthly Ransomware report offers a thorough analysis of ransomware activity in July 2023, covering major attacks, the top ransomware families, geographical distribution, targeted industries, evolution of attacks, new ransomware groups, and evolving trends. Organizations can leverage these insights to enhance their cybersecurity strategies and effectively mitigate ransomware risks.

READ MORE

Stealthy Malicious MSI Loader – Overlapping Technique and Infrastructure with BatLoader

A .msi loader, or MSI (Microsoft Installer) loader, serves as a file utilized for software installations on Windows operating systems. While .msi files are intended for legitimate purposes, they have also become a vehicle for malicious actors to distribute and execute malware on unsuspecting users’ computers. Specifically, we have identified an active and stealthy malicious MSI Loader that demonstrates remarkable proficiency in evading both Virus Total and Windows Defender detection, rendering it highly elusive.

READ MORE

CYFIRMA Industry Report : TELECOMMUNICATIONS & MEDIA

Welcome to CYFIRMA infographic industry report, where we delve into the external threat landscape of the telecommunications and media industries over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting telecommunications and media technology and organizations. The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter.

READ MORE

Ransomware of the Week

CYFIRMA Research and Advisory Team has found?Knight?ransomware while monitoring various underground forums as part of our Threat Discovery Process. This ransomware targets the Windows Operating system commonly used by many organizations of various industries.

READ MORE

Trending Malware of the Week

Researchers have discovered a new malware called Gigabud RAT that has a unique characteristic of not initiating any malicious actions until a user is authorized into the malicious application by a fraudster, making it difficult to detect. Unlike using HTML overlay attacks, this malware primarily collects sensitive information by recording the screen.

READ MORE

CYFIRMA is a?threat?discovery?and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view to help clients prepare for impending attacks.

SCHEDULE A DEMO?HERE

Visit?www.cyfirma.com

Message sent by CYFIRMA at 6 Raffles Quay, Level 16 S(048580), Singapore, Singapore.