We track the ongoing activities of more than 900 advanced threat actors; you can find our quarterly overviews here, here and here. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months. This is based on our visibility in the threat landscape; and it’s important to note that no single vendor ha

DeathStalker is a threat actor who has been active starting 2012 at least, and we exposed most of his past activities in a previous article, as well as during a GREAT Ideas conference in August 2020. The actor draught our attention in 2018, because of distinctive attacks characteristics that did not fit the usual cybercrime or state-sponsored activities, mak

ESET’s security researchers have discovered yet another piece of malware that Russian cyber-espionage group Turla has been using in its attacks.Active since at least 2006 and also referred to as Belugasturgeon, KRYPTON, Snake, Venomous Bear, and Waterbug, Turla was recently observed targeting a European government with a cocktail of backdoors.Dubbed Crutch,

Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems.Tracked as CVE-2020-14882 and leading to code execution, the vulnerability was addressed in the October 2020 Critical Patch Update (CPU). The first attacks targeting it were observed roughly one week after and

Changes in the education system have been brewing for a long time, with digitalization as the main direction of this transformation. The breakthrough came this year as about 1.5 billion students were unable to attend school due to the COVID-19 pandemic. As a result, educational systems all over the world underwent significant change. Educators were forced to

We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021. Random infections Infections will tend to be less random or have non-random follow-ups, as cybercriminals have spent the past several years profiling randomly infected computers that are connected to industri

Threat actors are continuously targeting United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn.This persistent malicious activity, the two agencies say, mostly targets individuals and organizations that are connected to international affairs or which focus on national securit

Cybercriminals have been observed targeting a recently disclosed vulnerability in the GO SMS Pro messaging application to steal user data.The issue, Trustwave revealed a couple of weeks ago, is that users’ media messages are stored insecurely on a publicly accessible server, exposing them to unauthenticated attackers.Whenever a user attempts to send a media

Online learning solutions provider K12 Inc., which recently announced changing its name to Stride Inc., said on Monday that it had decided to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware.The company said it recently detected unauthorized activity on its network. The attackers deployed a piece of ransomware

A North Carolina man was sentenced to 95 months in federal prison for his involvement in multiple cyber and swatting attacks.The man, Timothy Dalton Vaughn, 22, known online under monikers such as “WantedbyFeds” and “Hacker_R_US,” was indicted in early 2019 and pleaded guilty in November 2019.He admitted to sending threats, conveying false information concer

Brazilian airplane maker Embraer on Monday disclosed a cyberattack that, according to some reports, involved ransomware.Embraer manufactures commercial, executive, military, and agricultural aircraft, and its website says the company is the third largest commercial jets maker, with more than 8,000 airplanes delivered to date.In a press release, the company s

School continues to be out for more than 100,000 students in Baltimore County following a ransomware attack on the district’s network.The Baltimore Sun reported Monday that Superintendent Darryl L. Williams said he has no timeline for when school will resume.School officials say an investigation into the attack is ongoing. They are working with state and fed

The technological shift that we have been experiencing for the last few decades is astounding, not least because of its social implications. Every year the online and offline spheres have become more and more connected and are now completely intertwined, leading to online actions having real consequences in the physical realm — both good and bad. One of the

More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals.The Geneva-based international nonprofit organization is focused on tracking spam, phishing, malware, and botnets, and provides threat intelligence that can help filter spam and related threats.Last week, the organizati

Banijay, one of the world’s largest media production and distribution companies, last week disclosed a cybersecurity incident that resulted in the theft of sensitive information.A global production giant was created earlier this year when France-based Banijay completed the acquisition of Endemol Shine for $2.2 billion from Disney and private equity group Apo