Thankfully in the security world, I think we've all gotten the hint at this point that we can't just post whatever we want on April 1 of each calendar year and expect people to get the joke.
I've put my guard down so much at this point that I actually did legitimately fall for one April Fool's joke from Nintendo, because I could definitely see a world in which they release a Virtual Boy box for the Switch that would allow you to play virtual reality games.
This group focuses on stealing victims' credentials, financial data, and social media accounts, including business and advertisement accounts.
The actor uses the dead drop technique, abusing a legitimate service to host the C2 configuration file and uncommon living-off-the-land binaries, including Windows Forfiles.
This is a brand new actor that we believe is operating out of Vietnam, a country not traditionally associated with high-profile state-sponsored actors.
Threat actors have started shifting toward using LNK files as an initial infection vector after Microsoft disabled macros by default - macros used to be a primary delivery system.
For more on how the info in malicious LNK files can allow defenders to learn more about infection chains, read our previous research here.
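The dead-drop and Forfiles tradecraft above, and the LNK-as-initial-vector trend, both come down to what a defender can pull out of a shortcut file during triage. The following is an added example (not Talos code and not tied to any campaign on this page): a minimal parser for the MS-SHLLINK format that extracts the target, arguments, window state, and the TrackerDataBlock, which records the NetBIOS name and MAC address of the machine that created the shortcut, plus a small heuristic triage pass. The sample shortcut, the machine name, the GUIDs and the LOLBin list are all constructed for the example.

```python
"""Minimal .lnk (MS-SHLLINK) parser for triaging shortcut lures.

Added example: extracts the fields defenders pivot on (arguments, window
state, creator machine name and MAC from the TrackerDataBlock) and runs a
few heuristics.  The shortcut bytes below are constructed, not a real lure.
"""
import struct
import uuid

# ShellLink CLSID, stored little-endian on disk.
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046").bytes_le

# LinkFlags bits (MS-SHLLINK section 2.1.1).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

TRACKER_DATA_BLOCK_SIG = 0xA0000003
SW_SHOWMINNOACTIVE = 7

# Constructed watch-list of living-off-the-land binaries for the heuristic.
LOLBINS = ("forfiles", "powershell", "mshta", "rundll32", "wscript", "cscript", "certutil")


def _read_string(buf: bytes, off: int, unicode: bool):
    """StringData item: 2-byte char count followed by the (unterminated) string."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if unicode:
        return buf[off:off + count * 2].decode("utf-16-le"), off + count * 2
    # ANSI strings use the creator's code page; cp1252 is an assumption here.
    return buf[off:off + count].decode("cp1252", errors="replace"), off + count


def parse_lnk(buf: bytes) -> dict:
    header_size, clsid, flags = struct.unpack_from("<I16sI", buf, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a ShellLink header")
    (show_cmd,) = struct.unpack_from("<I", buf, 0x3C)   # ShowCommand field
    out = {"flags": flags, "show_command": show_cmd}
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:                  # skip IDList (2-byte size prefix)
        (id_list_size,) = struct.unpack_from("<H", buf, off)
        off += 2 + id_list_size
    if flags & HAS_LINK_INFO:                            # skip LinkInfo (4-byte size incl. itself)
        (link_info_size,) = struct.unpack_from("<I", buf, off)
        off += link_info_size
    unicode = bool(flags & IS_UNICODE)
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:
            out[key], off = _read_string(buf, off, unicode)
    # ExtraData: BlockSize + BlockSignature per block; a size < 4 is the terminal block.
    while off + 8 <= len(buf):
        block_size, sig = struct.unpack_from("<II", buf, off)
        if block_size < 8 or off + block_size > len(buf):
            break
        if sig == TRACKER_DATA_BLOCK_SIG:
            # Layout: size(4) sig(4) length(4) version(4) MachineID(16) Droid(32) DroidBirth(32)
            out["machine_id"] = buf[off + 16:off + 32].split(b"\x00", 1)[0].decode("cp1252")
            droid_file = buf[off + 48:off + 64]          # second GUID of Droid (file object id)
            out["creator_mac"] = ":".join(f"{b:02x}" for b in droid_file[10:16])  # v1 UUID node
        off += block_size
    return out


def triage(info: dict) -> list:
    """Heuristic reasons a shortcut deserves a closer look."""
    reasons = []
    args = info.get("arguments", "").lower()
    if any(name in args for name in LOLBINS):
        reasons.append("arguments invoke a living-off-the-land binary")
    if len(args) > 260:
        reasons.append("arguments longer than MAX_PATH")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window starts minimized (SW_SHOWMINNOACTIVE)")
    return reasons


def _string_data(s: str) -> bytes:
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_sample_lnk() -> bytes:
    """Construct a sample shortcut for the example (not a real-world artifact)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, SW_SHOWMINNOACTIVE, 0, 0, 0, 0)
    strings = (_string_data(r"..\..\Windows\System32\cmd.exe")
               + _string_data(r"C:\Users\Public")
               + _string_data(r'/c forfiles /p C:\Users\Public /m invoice.txt /c "cmd /c @path"'))
    machine_id = b"DESKTOP-SAMPLE\x00\x00"                                      # constructed
    droid_volume = uuid.UUID("a1b2c3d4-0000-4000-8000-000000000001").bytes_le  # constructed
    droid_file = uuid.UUID("12345678-1234-11ee-8000-001122334455").bytes_le    # constructed v1 UUID
    tracker = (struct.pack("<IIII", 0x60, TRACKER_DATA_BLOCK_SIG, 0x58, 0)
               + machine_id + droid_volume + droid_file + droid_volume + droid_file)
    return header + strings + tracker + struct.pack("<I", 0)                   # terminal block


if __name__ == "__main__":
    info = parse_lnk(build_sample_lnk())
    for key, value in info.items():
        print(f"{key}: {value}")
    print("triage:", triage(info))
```

The parser deliberately skips the IDList and LinkInfo structures by their size prefixes, because the string data and the TrackerDataBlock are what usually matter when clustering lures by the machine that built them; the MAC address is the node field of the version-1 UUID in the Droid file object id, so a creator that used a real NIC leaks it verbatim.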
AT&T now says that more than 51 million users were affected by a data breach that exposed their personal information on a hacking forum.
The cable, internet and cell service provider has still not said how the information was stolen.
The incident dates back to 2021, when threat actor ShinyHunters initially offered the data for sale for $1 million.
While AT&T initially denied that the data belonged to them, reporters and researchers soon found that the information was related to AT&T and DirecTV accounts.
Another ransomware group claims they've stolen data from United HealthCare, though there is little evidence yet to prove their claim.
Change Health, a subsidiary of United, was recently hit with a massive data breach that caused millions of dollars in payments to doctors and healthcare facilities to be paused for more than a month.
Now, the ransomware gang RansomHub claims it has 4TB of data, requesting an extortion payment from United, or it says it will start selling the data to the highest bidder 12 days from Monday.
RansomHub claims the stolen information contains the sensitive data of U.S. military personnel and patients, as well as medical records and financial information.
Blackcat initially stated they had stolen the data, but the group quickly deleted the post from their leak site.
A person representing RansomHub told Reuters that a disgruntled affiliate of Blackcat gave the data to RansomHub after a previous planned payment fell through.
Threat actors are using this framework at scale, building botnets out of Supershell implants.
Over the past year, we've observed a substantial uptick in attacks by YoroTrooper, a relatively nascent espionage-oriented threat actor that has been operating against the Commonwealth of Independent States since at least 2022.
Asheer Malhotra's presentation at CARO 2024 will give an overview of the group's campaigns, covering the commodity and custom-built malware the actor employs, how it was discovered, and how its tactics have evolved.
This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 11 Apr 2024 18:43:10 +0000