Our rundown of the key ransomware events, attacks, and group activity from February. The FBI has issued an advisory warning that the BlackByte ransomware group has been observed targeting multiple US-based entities, including at least three related to critical infrastructure. Government facilities, alongside organisations in the financial, food and agriculture sectors, are all defined as …
Cyjax analysts have uncovered a large credential harvesting campaign targeting multiple government departments in APAC and EMEA countries. Over 50 hostnames were analysed, many of which were posing as the Ministry of Foreign Affairs, Ministry of Finance, or Ministry of Energy, in various countries such as Uzbekistan, Belarus, and Turkey; as well as the Main …
EMEA and APAC governments targeted in widespread credential harvesting campaign Read More »
In the Americas, US President Joe Biden announced gun control measures following a spate of recent mass shootings. Meanwhile, the US government ruled out a federal vaccine passport scheme as the rollout of coronavirus vaccinations has accelerated. Researchers have uncovered a cpuminer being delivered in malicious traffic targeting the US education sector. This could be …
Geopolitical and Cybersecurity Weekly Brief – 12 April 2021 Read More »
Threat intelligence failure – three words that have been increasingly prevalent in recent years, whether it is Russians paying bounties to the Taliban for the killing of American forces [1]; COVID-19 warnings prior to February 2020 [2]; or an unfortunate million-dollar pay-out after a ransomware attack. Whilst the third in that list may not appear …
COVID-19 Cybersecurity Update The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) have disclosed new information regarding Russian threat group APT29 targeting research organisations worldwide. The group is believed to operate on behalf of the Russian intelligence services. The campaign against organisations participating in coronavirus (COVID-19) vaccine development also targeted …
Geopolitical and Cybersecurity Weekly – 20 July 2020 Read More »
Cyjax researchers have observed a recent malicious spam campaign pushing commodity malware such as the AgentTesla infostealer and AveMaria remote access Trojan (RAT). This campaign caught our attention due to its reliance on Discord, the instant messaging and VoIP application, to host its payloads. The spam emails are sent from spoofed sender addresses and masquerade …
Until recently, the Gulf Cooperation Council (GCC) remained a strong bloc of the six Gulf nations of Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates (UAE). Since its inception in 1981, it has been regarded as the only effective political and economic alliance in the Arab world. However, on 5 June 2017, …
