State-Sponsored
BadPilot network hacking campaign fuels Russian SandWorm attacks
A subgroup of the Russian state-sponsored hacking group APT44, also known as ‘Seashell Blizzard’ and ‘Sandworm’, has been targeting critical organizations and governments in a multi-year campaign dubbed ‘BadPilot.’ The threat actor has been active since at least 2021 and is also responsible for breaching networks of organizations in energy, oil and gas, telecommunications, shipping, and […]
Google says hackers abuse Gemini AI to empower their attacks
Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. Google’s Threat Intelligence Group (GTIG) detected government-linked advanced persistent threat (APT) groups using Gemini primarily for productivity gains rather than to develop or conduct novel AI-enabled cyberattacks that can […]
North Korean govt hackers linked to Play ransomware attack
The North Korean state-sponsored hacking group tracked as ‘Andariel’ has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. A report from Palo Alto Networks and its Unit 42 researchers claims that Andariel might be either an affiliate of Play or acting as an initial access broker […]
Dutch Police: ‘State actor’ likely behind recent data breach
The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. The attack compromised police office contact details, names, email addresses, phone numbers, and in some cases, private details. According to the original report, the attacker had hacked a police account and stole work-related contact details of […]
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. The technique has been around since 2017, and multiple proof-of-concept apps have been released over the years. However, it is typically used in red team engagements and seldomly observed in […]