Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Akira ransomware is a destructive malware that has ravaged industries since its discovery in March 2023. The operations have mostly targeted businesses in North America, the UK, and Australia. Akira ransomware’s darkweb site Akira employs a double-extortion tactic; it does not only encrypt the victim's data but also exfiltrates the data, and subsequently threatens to leak it on the internet unless the ransom demand is met.

Advanced cyberattacks by adversaries who maximize the impact using the combination of sophisticated tools and methods are the norm. Some of the most dangerous strategies are integrating supply chain attacks, infostealer malware, and infamous threat actors, including IntelBroker and CyberNiggers. The above-mentioned groups typify the growing landscape of the cyber threat that makes use of collaboration, sophisticated tools, and strategic exploitation of vulnerabilities.

Cybersecurity authorities continuously grapple with the challenges posed by sophisticated cyberattacks. Palo Alto Networks has lately preached a critical denial-of-service (DoS) vulnerability in its PAN-OS software. Tracked as CVE-2024-3393, this critical vulnerability (CVSS score: 8.7) poses serious risks to enterprises relying on PAN-OS and Prisma Access for their cybersecurity infrastructure.

MacOS, often regarded for its robust security measures, has increasingly become a target for sophisticated cyber threats. Among the latest examples is Banshee Stealer, a malware engineered to compromise macOS systems by extracting sensitive user information. Developed by Russian cybercriminals and offered at a premium subscription fee of $3,000 per month, this malware underscores the growing attention of threat actors toward macOS platforms.

Hellcat ransomware emerged in early November 2024 and quickly became a notable threat in the cybersecurity landscape. The group first gained attention on November 6, 2024, when it claimed responsibility for a cyberattack against Schneider Electric. Known for its aggressive tactics and unique ransom demands, Hellcat is already making its mark in the world of ransomware.

Salt Typhoon, a Chinese state-sponsored hacking group, has emerged as one of the most significant cyber threats to U.S. critical infrastructure. Initially identified in 2020, with increased recognition of their activities in 2021, the group has been linked to high-profile cyber espionage campaigns targeting U.S. telecommunications companies.

TellYouThePass ransomware, first seen in 2019, is once again in the spotlight due to its recent activity. This ransomware has been found exploiting critical vulnerabilities in PHP, specifically the CVE-2024-4577 flaw, putting both Windows and Linux systems at risk. The malware uses advanced techniques like web shells and fileless malware to gain entry, highlighting the need for robust cybersecurity measures.

Advanced Persistent Threat (APT) actors have become a significant concern for organizations worldwide, as they pose a substantial threat to sensitive information and critical infrastructure. One such APT actor is the Lazarus Group, also known as Hidden Cobra, which has been active since at least 2009. In this blog, we will delve into the motivation and recent activity of the Lazarus Group, highlighting their tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK techniques they employ.

Storm-0940 is a Chinese advanced persistent threat (APT) group that has operated since at least 2021, although some evidence suggests involvement in earlier incidents. Known for its complex cyber espionage tactics, this group primarily targets government agencies, military organizations, and critical infrastructure to gain intelligence for political and military advantage. Leveraging an arsenal of techniques ranging from spear-phishing to exploiting software vulnerabilities.

APT36, also known as Transparent Tribe, is a well-known cyber espionage group attributed to Pakistan. Active since 2013, this advanced persistent threat (APT) group has focused its efforts primarily on Indian government sectors, including defense, education, and key infrastructure. APT36 has demonstrated consistent sophistication in their tactics, evolving their methods to target a wide array of platforms and systems.