2021, Hacking and Information Security - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Four REvil Ransomware members sentenced for hacking and money laundering

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware

Ransomware Hacking Malware Cybercrime

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) ” reads the advisory.

Hacking

Hacking Firmware Software Manufacturing

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. Victims include AMD and Keralty.

Hacking

Hacking Healthcare Backups Ransomware

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

. “These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Hacking Technology

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

Security Affairs

MARCH 3, 2025

authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binances BNB Chain.

Cryptocurrency

Cryptocurrency Hacking Cyber Attacks Marketing

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Hacking Government

Attackers exploited SonicWall SMA appliances since January 2025

Security Affairs

APRIL 19, 2025

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025.

Passwords

Passwords VPN Firewall Accountability

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile

Mobile Telecommunications Data breaches Hacking

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Security Affairs

APRIL 13, 2025

. “During the half-day meeting in Geneva, Wang Lei, a top cyber official with Chinas Ministry of Foreign Affairs, indicated that the infrastructure hacks resulted from the U.S.s “Wang or the other Chinese officials didnt directly state that China was responsible for the hacking, the U.S. ” states the WSJ.

Hacking

Hacking Manufacturing Education Government

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking

Hacking Risk Cybersecurity Government

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

Russia first blocked Tor in 2021, but at the time the censorship was bypassed via bridges. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, WebTunnel bridges) .” reads the announcement published by Tor Project.

Government

Government Internet Internet Hacking

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities , tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

Software

Software Architecture Media Engineering

Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies

Security Affairs

MAY 13, 2025

A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. The experts linked the 2021 attack to the ransomware operation DoppelPaymer. The Europol states that in the US, victims payed at least 40 million euros between May 2019 and March 2021.

Ransomware

Ransomware Cybercrime Malware Banking

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

Since 2021, APT28 has targeted or compromised French ministerial bodies, local governments, DTIB, aerospace, research, think-tanks, and financial entities. “Since 2021, this attack group has been used to target or compromise a dozen French entities. ” reads ANSSI’s report.

Government

Government Phishing DNS VPN

Netgear urges users to upgrade two flaws impacting WiFi router models

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, NETGEAR )

Firmware

Firmware Authentication Hacking Information Security

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

“ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement. This approach allowed covert access, credential theft, and data exfiltration while bypassing traditional security audits.

Telecommunications

Telecommunications DNS Passwords Hacking

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

Ransomware

Ransomware Healthcare Hacking Malware

Finnish police linked APT31 to the 2021 parliament attack

Security Affairs

MARCH 26, 2024

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. According to the police, the offences were committed between autumn 2020 and early 2021.

Hacking

Hacking Government Technology Information Security

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024. Attorney Erek L.

Cybercrime

Cybercrime Ransomware Healthcare Education

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

MAY 19, 2021

Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware). Top three for beginning: hacking, error, and social.

Data breaches

Data breaches Social Engineering Ransomware Phishing

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware

Spyware Government Surveillance Hacking

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago

Security Affairs

OCTOBER 11, 2022

VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048 , in the vCenter Server. Please review KB89027 for more information.”

Authentication

Authentication Hacking Information Security

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

MAY 4, 2025

“According to the indictment, from March 2021 to June 2023, Ahmed and others infected computer networks of several U.S.-based Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware

Ransomware Encryption VPN Malware

China-linked spies target Asian Telcos since at least 2021

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.

DNS

DNS Malware Media Encryption

Acer Philippines disclosed a data breach after a third-party vendor hack

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data.

Data breaches

Data breaches Computers and Electronics Hacking Cybercrime

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents , threat actors used the malware to target European shipping firms (2024), European governments (2021-2023), Chinese dissident groups, and Indo-Pacific governments, including Taiwan and Japan. A French law enforcement agency has gained access to the C2 server (45.142.166.112) used to control the malware.

Malware

Malware Government Hacking Cybersecurity

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. By 2021, key members had founded WeCodeSolutions in Lahore, seemingly to legitimize their earnings from HeartSender.

Cybercrime

Cybercrime Advertising Phishing Hacking

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. Follow me on Twitter: @securityaffairs and Facebook and Mastodon PierluigiPaganini ( SecurityAffairs hacking,HiatusRAT)

Architecture

Architecture Internet Internet Malware

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Active since 2021, Storm-0940 gains access through password spraying, brute-force attacks, and exploiting network edge services, targeting sectors like government, law, defense, and NGOs in North America and Europe. . “Organizations can defend against password spraying by building credential hygiene and hardening cloud identities.”

Passwords

Passwords Wireless VPN Accountability

A ransomware attack disrupted services at Pittsburgh Regional Transit

Security Affairs

DECEMBER 26, 2024

In April 2021, China-linked APT breached New York Citys Metropolitan Transportation Authority (MTA) network exploiting a Pulse Secure zero-day. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Pittsburgh Regional Transit)

Ransomware

Ransomware Cyber Attacks Hacking Cybersecurity

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

RansomHouse is a data extortion group that has been active since Dec 2021. The exposed information consisted of security camera footage of a small number of patients. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Cell C) Victims include AMD and Keralty.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

Rhysida Ransomware gang claims to have hacked three more US hospitals

Security Affairs

SEPTEMBER 10, 2023

Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. Margaret’s Health announced it is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system.

Hacking

Hacking Ransomware Healthcare Cyber Attacks

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

JULY 12, 2022

Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021. SecurityAffairs – hacking, AiTM phishing). The post Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021? appeared first on Security Affairs. Pierluigi Paganini.

Phishing

Phishing Authentication Social Engineering Passwords

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

Security Affairs

SEPTEMBER 30, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Motel One ) The post ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One appeared first on Security Affairs. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Hacking

Hacking Ransomware Manufacturing Media

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site.

Hacking

Hacking Ransomware Computers and Electronics Marketing

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

Security Affairs

MARCH 13, 2025

Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.

Authentication

Authentication Hacking Software Information Security

U.S. authorities charged an Iranian national for long-running hacking campaign

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. According to DoJ, from at least in or about 2016 through or about April 2021, Nasab and other co-conspirators carried out a coordinated multi-year campaign to breach computers worldwide. ” concludes DoJ.

Hacking

Hacking Identity Theft Social Engineering Accountability

China-linked APT UNC3886 exploits VMware zero-day since 2021

Security Affairs

JANUARY 19, 2024

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” concludes the report.

Firewall

Firewall Accountability Malware Hacking

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Security Affairs

SEPTEMBER 24, 2023

The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. On September 23, the group announced the hack of the company and the theft of sensitive data, including partners’ documents. Clarion Japan is the Japanese subsidiary of Clarion Co.,

Manufacturing

Manufacturing Hacking Data breaches Ransomware

Everest ransomware group’s Tor leak site offline after a defacement

Security Affairs

APRIL 8, 2025

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gangs darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. ” reads the threat actor profile issued by the U.S.

Ransomware

Ransomware Healthcare Hacking Scams

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles.

Scams

Scams Media Cryptocurrency Cybercrime

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Four REvil Ransomware members sentenced for hacking and money laundering

Trending Sources

Mazda Connect flaws allow to hack some Mazda vehicles

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Attackers exploited SonicWall SMA appliances since January 2025

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Experts found multiple flaws in Mercedes-Benz infotainment system

Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies

France links Russian APT28 to attacks on dozen French entities

Netgear urges users to upgrade two flaws impacting WiFi router models

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Finnish police linked APT31 to the 2021 parliament attack

Russian Phobos ransomware operator faces cybercrime charges

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Poland probes Pegasus spyware abuse under the PiS government

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago

US authorities have indicted Black Kingdom ransomware admin

China-linked spies target Asian Telcos since at least 2021

Acer Philippines disclosed a data breach after a third-party vendor hack

FBI deleted China-linked PlugX malware from over 4,200 US computers

Law enforcement seized the domains of HeartSender cybercrime marketplaces

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Chinese threat actors use Quad7 botnet in password-spray attacks

A ransomware attack disrupted services at Pittsburgh Regional Transit

South African telecom provider Cell C disclosed a data breach following a cyberattack

Rhysida Ransomware gang claims to have hacked three more US hospitals

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

U.S. authorities charged an Iranian national for long-running hacking campaign

China-linked APT UNC3886 exploits VMware zero-day since 2021

New Leak Shows Business Side of China’s APT Menace

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Everest ransomware group’s Tor leak site offline after a defacement

Crazy Evil gang runs over 10 highly specialized social media scams

Stay Connected