Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan.

APT36, also known as Transparent Tribe, is a well-known cyber espionage group attributed to Pakistan. Active since 2013, this advanced persistent threat (APT) group has focused its efforts primarily on Indian government sectors, including defense, education, and key infrastructure. APT36 has demonstrated consistent sophistication in their tactics, evolving their methods to target a wide array of platforms and systems.

Read also: A suspect linked to a $235M WazirX crypto heist arrested, Snowflake hackers indicted in the US, and more.

Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware. Hive0145 acts as an initial access broker, selling access to compromised organizations to other threat actors who then carry out additional cyberattacks.

With a 168% rise in evasive malware, cyber threats have reached a new level of sophistication. This type of malware employs advanced techniques to evade detection by traditional solutions, which often rely on pre-defined signatures to identify threats. These malicious programs pose a major challenge in cybersecurity by camouflaging themselves within legitimate processes and acting stealthily.

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to compromise their targets. Iranian threat actors continued conducting cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to hit financial companies in Africa.

The Kroll Security Operations Center (SOC) has recently detected and remediated a trend of incidents that involved socially engineering a victim into pasting a PowerShell script into the “Run” command window to begin a compromise. These incidents have typically begun with the victim user attempting to find “YouTube to mp3” converters, or similar, then being redirected to the malicious webpages.