Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2024

The Lazarus Group: Unveiling the Motivation and Recent Activity of a Notorious APT Threat Actor

Advanced Persistent Threat (APT) actors have become a significant concern for organizations worldwide, as they pose a substantial threat to sensitive information and critical infrastructure. One such APT actor is the Lazarus Group, also known as Hidden Cobra, which has been active since at least 2009. In this blog, we will delve into the motivation and recent activity of the Lazarus Group, highlighting their tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK techniques they employ.

Inside Storm-0940: Uncovering Tactics of a Prolific Chinese Cyber Espionage Group

Storm-0940 is a Chinese advanced persistent threat (APT) group that has operated since at least 2021, although some evidence suggests involvement in earlier incidents. Known for its complex cyber espionage tactics, this group primarily targets government agencies, military organizations, and critical infrastructure to gain intelligence for political and military advantage. Leveraging an arsenal of techniques ranging from spear-phishing to exploiting software vulnerabilities.

ElizaRAT and Beyond: The Evolution of APT36's Malware Arsenal

APT36, also known as Transparent Tribe, is a well-known cyber espionage group attributed to Pakistan. Active since 2013, this advanced persistent threat (APT) group has focused its efforts primarily on Indian government sectors, including defense, education, and key infrastructure. APT36 has demonstrated consistent sophistication in their tactics, evolving their methods to target a wide array of platforms and systems.

Inside the MOVEit Breach: How Cl0p and Nam3L3ss Expose Organizations to Ongoing Cyber Threats

In 2023, a critical vulnerability in MOVEit Transfer software (CVE-2023-34362) was weaponized by the Cl0p ransomware group, leading to a substantial leak of sensitive employee data from major global corporations. The flaw in MOVEit allowed attackers to bypass authentication and access secure files, resulting in a far-reaching data breach that impacted various sectors including finance, healthcare, government, and retail. Vulnerability Details and Affected Software Nam3L3ss: Profiling Cl0p Ransomware Data.

Nokia Data Breach via Contractor Exposed on the Dark Web: Foresiet Researchers

In recent events, Foresiet researchers identified a significant data leak involving Nokia's internal resources posted on a dark web marketplace. This leak, allegedly stemming from a third-party contractor working closely with Nokia on internal tool development, brings to light both sensitive code repositories and critical access credentials.