Document, Hacking and Security Intelligence

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

Recently, researchers from AhnLab Security Intelligence Center (ASEC) observed North Koreas Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. LNK shortcut files, disguised as Office documents.

Phishing

Phishing Malware Security Intelligence Hacking

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The Hacker News

FEBRUARY 6, 2025

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).

Malware

Malware Phishing Security Intelligence Hacking

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Security Affairs

APRIL 21, 2025

While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. LNK shortcut files, disguised as Office documents. The state-sponsored hackers sent spear-phishing messages to distribute malicious *.LNK

Phishing

Phishing Malware Security Intelligence Hacking

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. LNK shortcut files, disguised as Office documents. ” concludes the report. Users should also keep their systems and applications updated.

Phishing

Phishing Malware Security Intelligence Hacking

Microsoft warns of “massive campaign” using COVID-19 themed emails

Security Affairs

MAY 22, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Researchers from the Microsoft Security Intelligence team provided some details on a new massive phishing campaign using COVID-19 themed emails. macros in malware campaigns.

Security Intelligence

Security Intelligence Advertising Phishing Malware

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. STRRAT RAT was first spotted in June 2020 by G DATA who documented its features.

Ransomware

Ransomware Malware Encryption Security Intelligence

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. SecurityAffairs – hacking, seo poisoning).

Antivirus

Antivirus Security Intelligence Malware Insurance

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Malware

Malware Passwords Advertising Ransomware

Emotet botnet surges back after months of absence

Security Affairs

JULY 18, 2020

Emotet is considered by security experts as one of the most active botnet of 2019, “Today, Emotet suddenly surged back to life with reply-chain, shipping, payment, and invoice spam that deliver malicious Word documents spreadsheets.” SecurityAffairs – hacking, botnet). ” states BleepingComputer.

Advertising

Advertising Malware Banking Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

NOVEMBER 30, 2021

API hacking escapades. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out.

Big data

Big data Digital transformation Accountability Hacking

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, just opening the RTF documents. pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD

Security Intelligence

Security Intelligence Advertising Malware Information Security

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Accountability Social Engineering Media

Trickbot is the most prolific malware operation using COVID-19 themed lures

Security Affairs

APRIL 18, 2020

This week’s campaign uses several hundreds of unique macro-laced document attachments in emails that pose as message from a non-profit offering free COVID-19 test. pic.twitter.com/V2JcZg2kjt — Microsoft Security Intelligence (@MsftSecIntel) April 17, 2020.

Malware

Malware Advertising Security Intelligence Phishing

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. SecurityAffairs – hacking, Sysrv botnet).

Security Intelligence

Security Intelligence Malware Backups Architecture

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

The macro included in the documents executes the legitimate msiexec.exe tool that downloads an MSI archive. pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019.

Security Intelligence

Security Intelligence Advertising Malware Banking

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Across the years, the researchers found analyzed multiple backdoors and hacking tools composing the arsenal of the cyberespionage group. Researchers at company firm Symantec reportedly linked the CIA hacking tools to a number of cyber attacks launched in recent years by a threat actor the company identified as the Longhorn group.

Malware

Malware Hacking Government Telecommunications

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Phishing DNS Cybercrime

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

To understand the basis for these recommendations, read the documents mentioned at the end of the post. Attackers stole sensitive documents. Adversaries have routinely pursued sensitive campaign documents. Consider when to send attachments and when to share links to documents in cloud storage. campaigns from around 2016.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Security Affairs

MARCH 19, 2021

According to its documentation , Kubernetes comes with load balancing features that help to distribute high network traffic and keep the deployment stable. For more information about other aspects of Amazon EKS security, click here. About the Author: David Bisson is an information security writer and security junkie.

Information Security

Information Security Security Intelligence Hacking Accountability

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

It will then provide recommendations on how organizations can secure each of these components. Per Kubernetes’ documentation , kube-apiserver is the front end for the Kubernetes control plane. For information on how to secure that part of a Kubernetes cluster, click here. SecurityAffairs – hacking, Kubernetes).

Advertising

Advertising Internet Internet Backups

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

” Recently, researchers warned of the first mass-hacking campaign exploiting the BlueKeep exploit , the attack aimed at installing a cryptocurrency miner on the infected systems. Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019.

Small Business

Small Business Malware Cryptocurrency Advertising

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Jane Frankland

AUGUST 18, 2020

Whilst this is concerning, when talking to executives outside of security, like I did on a recent masterclass with Nowcomm , it’s vital they understand of the following: 1. These days, hacking as a service is cheap. Security intelligence comes with a high pay off. All attacks are not sophisticated. INSIGHT #3.

Cyber Risk

Cyber Risk Risk Cybersecurity Technology

Episode 157: Do we need an FDA for Software? Also: operationalizing Threat Intelligence

The Security Ledger

AUGUST 16, 2019

In our second segment, we’re joined by Allan Thomson who is the Chief Technology Officer at LookingGlass Cyber Solutions to talk about the growing use of cyber threat intelligence and the need to evolve cybersecurity practices to. Does Threat Intelligence make you Smarter? But what is security intelligence really?

Firmware

Firmware Software Internet Internet

Keeper vs LastPass (2024 Comparison): Which Is Right for You?

eSecurity Planet

JUNE 14, 2024

Dark web monitoring: Tracks your email addresses and notifies you if they’re hacked on the dark web. Businesses focusing on security may find LastPass unsuitable due to its breach history and lack of secret management. Its extensive documentation for implementation guarantees sufficient self-service assistance choices.

Password Management

Password Management Passwords Authentication Accountability

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. SecurityAffairs – hacking, NATO).

Phishing

Phishing Accountability Hacking Surveillance

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. doc) attachments or include links to download the bait document. SecurityAffairs – hacking, Emotet).

Banking

Banking Malware Security Intelligence Advertising

Lawmakers Probe Early Release of Top RU Cybercrook

Krebs on Security

MARCH 15, 2022

Aleksei Burkov , a cybercriminal who long operated two of Russia’s most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. government went to secure Burkov’s arrest.” The motion to seal these and other documents related to the pleading was made by U.S. received anything in return.

Cybercrime

Cybercrime Government Hacking Security Intelligence

Cyber Security Informer

North Korea-linked APT Emerald Sleet is using a new tactic

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

Trending Sources

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Microsoft warns of “massive campaign” using COVID-19 themed emails

STRRAT RAT spreads masquerading as ransomware

SEO poisoning campaign aims at delivering RAT, Microsoft warns

CISA alert warns of Emotet attacks on US govt entities

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Emotet botnet surges back after months of absence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Iran-linked APT groups continue to evolve

Trickbot is the most prolific malware operation using COVID-19 themed lures

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Purple Lambert, a new malware of CIA-linked Lambert APT group

Threat actor has been targeting the aviation industry since at least 2018

Cybersecurity Checklist for Political Campaigns

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Episode 157: Do we need an FDA for Software? Also: operationalizing Threat Intelligence

Keeper vs LastPass (2024 Comparison): Which Is Right for You?

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Emotet operators are running Halloween-themed campaigns

Lawmakers Probe Early Release of Top RU Cybercrook

Stay Connected