Chinese APT groups compromised networks of telecom providers across Southeast Asia in an effort to harvest customers' sensitive communications, according to Cybereason. As in other Chinese cyberattacks, these APT campaigns exploited flaws in Microsoft Exchange servers.
The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."
Researchers at the security firm RiskIQ have uncovered about 35 active command-and-control servers connected with an ongoing malware campaign that has been linked to a Russian-speaking attack group known as APT29 or Cozy Bear.
The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.
A leak of 50,000 telephone numbers and email addresses led to the "Pegasus Project," a global media consortium's research effort that discovered how Pegasus spyware developed by NSO Group is being used in the wild.
Threat intelligence researchers are looking closely at REvil, the ransomware gang that infected up to 1,500 companies in a single swoop. A look at the group's online infrastructure shows clear lines to Russian and U.K. service providers that, in theory, could help law enforcement agencies but don't appear eager to...
Acting CISA Director Brandon Wales, Rep. Jim Langevin and many others will discuss the government's top priorities in addressing cybersecurity challenges at ISMG's Virtual Cybersecurity Summit: Government, to be held July 13 and 14.
The Kaseya VSA ransomware attack was discussed exhaustively over the Fourth of July holiday weekend. But there's one big question that hasn’t been answered, says Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black: "Who gave REvil the zero-day?"
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
Deputy national security adviser Anne Neuberger says the White House is preparing to release additional details, including attribution, about the attacks that targeted vulnerable on-premises Microsoft Exchange email servers at government agencies and other organizations earlier this year.
The Department of Justice announced Tuesday that it has seized two domains that were used during a recent phishing campaign that targeted a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands of potential victims.
A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands.
SolarWinds has uncovered evidence that intruders were in its systems in January 2019, about eight months earlier than originally believed. CEO Sudhakar Ramakrishna says the company discovered the clues by analyzing terabytes of data from its virtual build systems.
He's been a police officer, a Secret Service agent, a CIO and a CISO. And it all comes together. Don Cox, currently a chief technology evangelist at CIBR, discusses his career path and how his police background assists him in leading cybersecurity organizations.