As part of their campaign against the West, SiegedSec announced of their successful attack on NATO and leaking some valuable documents. The leak, as the group stated, included hundreds of sensitive documents from NATO’s COI portal, which were meant exclusively for NATO countries and partners. SiegedSec claims that their motive behind the attack is NATO’s alleged infringement on human rights.

The digital landscape has become an integral part of our daily lives. However, with the convenience and connectivity offered by digital platforms comes an increased risk of cyber threats. One such threat that’s gained prominence in recent years is SIM swapping attacks. SIM swapping attacks involve a threat actor fraudulently gaining control over an individual’s mobile phone number. This ultimately allows the attacker to hijack their digital identity.

Mature cybersecurity programs require strategic, operational, and tactical threat intelligence, as well as structured ways to ingest, consume, and act on the relevant threat intel data. To help organizations better achieve these goals, Cyware and Cyberint have established a partnership and out-of-the-box integration.

In recent years, fake job hiring scams have become a common form of social engineering. Threat actors use these scams to steal money, launder money, commit identity theft, or carry out other fraudulent or illegal activities. The motives of threat actors behind fake job hiring scams vary. Some are simply looking to make a quick buck, while others are more interested in stealing personal information or committing identity theft.

The InfoStealer and remote-access-tools (RATs) markets constantly provide us with new products. The Cyberint Research Team discovered a new RAT that is claiming to be the next popular threat against organizations and individuals worldwide. With fairly interesting PR and marketing methods, RevolutionRAT seems to be gaining attention with a growing Telegram community after only a few days of operation.

The ransomware industry has been a prominent player this quarter, causing significant impact and affecting numerous organizations globally. With its widespread threat, the industry has successfully claimed 1386 victims. The industry is feeling increasingly impacted by ransomware as many critical vulnerabilities were discovered this quarter. Additionally, the emergence of new groups, both from the end of 2022 and during this quarter, has contributed to the industry’s growth.

Following our research regarding the abuse of Malvertising using Malicious Ads, Cyberint has uncovered a new strain of mobile banking malware. This malware is being distributed on third-party APK sites and is disguised as advertisements for popular messaging applications like KIK and Viber. Our Cyberint team has conducted an analysis of the malware’s source code. Based on our findings, it appears that the campaign is primarily targeting Asia.

For the past five years the notorious RaidForums had been one, if not the main pillar of the cybercriminals industry, serving many purposes, but the main activity of this forum was exclusively leaked databases. Towards the end of February, RaidForums was seized by the authorities and officially closed on April 12 by the FBI and its main owner was arrested.

Google’s recent introduction of ZIP top-level domain (TLD) addresses, although well intentioned has ignited a heated debate surrounding the potential cybersecurity risks associated with these domains. On the one hand, the move could make it easier for users to share and download files. For example, a website with the domain name “myfiles.zip” would be easier to remember than a long, complex string of numbers and letters.

As the cybercrime industry continues to provide us with new Malware as a Service (MaaS) products, we have become used to seeing the operators advertising and developing the panels underground. Over the past year, an allegedly legitimate software company named Venom Control Software emerged, offering a Remote-Access-Tool (RAT) for “hackers and pen-testers”.