A recently emerged threat actor dubbed Dark Pink is updating its custom tool set in a bid to evade detection while expanding its operations to new Southeast Asian targets. Threat intel firm Group-IB counts 13 total victims of Dark Pink, which first became active in mid-2021.
Digital rights organizations detected Pegasus spyware on the devices of members of Armenian civil society during the outbreak of armed conflict over a disputed region in the South Caucasus region. Access Now called the infections the first known instance of Pegasus spyware use during war.
A suspected cyberespionage group that has been active since 2020 has targeted government and diplomatic entities in the Middle East and South Asia using a malware tool set capable of controlling victims' machines and exfiltrating system data and credentials.
The BlueNoroff hacker group, which is associated with the North Korean military's Reconnaissance General Bureau, is using RustBucket malware to target macOS systems of users primarily in the United States and Asia - a tactic observed for the first time since the group began its operations.
China's cybersecurity agency on Sunday banned sales of U.S. chipmaker Micron's products following a cybersecurity review. The decision is the latest in an escalating series of national security-driven moves by Beijing and Washington, D.C., to restrict the market access of their trans-Pacific rival.
Taiwan was buffeted during April by a three-day surge in malicious emails that increased to four times the usual amount, a reflection of increased tensions in the Taiwan Strait, say threat analysts. Following the wave, Trellix observed a 15-fold increase in PlugX infections.
The LockBit ransomware group on Tuesday published 1.5 terabytes of data the group says it stole from Bank Syariah Indonesia after ransom negotiations broke down. The group says the records include information of about 15 million customers and employees of the country's largest Islamic bank.
Security researchers say a new Babuk knockoff ransomware group emerged in April and has already claimed targets in the United States and South Korea. Threat intelligence company Cisco Talos says RA Group is the latest criminal group to take advantage of the June 2021 leak of Babuk source code.
Toyota on Friday disclosed that it exposed online for a decade car location data belonging to more than two million Japanese customers. The data by itself cannot be used to identify individual car owners, the carmaker said. Also exposed: video taken outside the vehicle with an onboard recorder.
A possibly Russian state hacking group has been deploying a novel backdoor dubbed DownEx against international governmental targets located in Kazakhstan and Afghanistan, reports Bitdefender. At least one victim appears to be an embassy located in Kazakhstan.
The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India two weeks after the group demanded a $3 million ransom from the company. The stolen data includes "loan agreements with individuals and legal companies."
Social media giant Meta took down hundreds of fake Facebook and Instagram accounts used by South Asia advanced persistent threat groups to glean sensitive information and coax users into installing malware. It found activity by threat actors affiliated with India and Pakistan.
An Indian court convicted 11 people for their roles in the North Korean heist of $13.5 million in 2018 from Pune-based Cosmos Cooperative Bank. The United Nations attributed the thefts to North Korea, which uses criminal activity, including financially motivated hacking, to obtain hard currency.
A suspected Pakistan espionage threat actor that relies on phishing emails is expanding to the education sector after years of focusing on the Indian military and government. Security researchers from SentinelLabs say Transparent Tribe is using malicious documents laced with Crimson RAT malware.
Cisco Talos on Wednesday identified four arbitrary code execution flaws in the Ichitaro word processor. The maker of the word processor, JustSystems, said it has not confirmed any attacks exploiting the vulnerabilities and also said it has issued fixes for the flaws.