Live Breaking News & Updates on EclecticIQ Threat Research


Australia Seeks to Disrupt & Stop Cybercriminal Syndicates with New Task Force

Threat Actor Update: IRIDIUM Attributed to Prestige Ransomware Campaign

A ransomware campaign targeting transportation and logistics organizations in Ukraine and Poland has been attributed to a group called IRIDIUM. The campaign used a previously unidentified ransomware payload called ‘Prestige’, which was observed being deployed on October 11th, 2022. The objective of the campaign was to cause disruption, not financial gain. IRIDIUM is a Russia-based actor that overlaps with Sandworm and has been consistently active in Ukraine, with IRIDIUM being linked to activity in March 2022 (1). The Ukraine war continues to highlight the increased use of ransomware for non-financial ends. Ransomware has been used for non-financial ends before (2); however, many ransomware incidents have historically been financially driven. For example, the HermeticRansom malware used in Ukraine is suspected to be a smokescreen for destructive attacks (3). Hacktivist group FRwL has used ransomware during ....


The Analyst Prompt #20: Attack Against Tata Power Highlights Cyber Risk to India's Growing and Increasingly Connected Population

Key Infrastructure and Critical Vulnerabilities: Attack Against Tata Power Highlights Cyber Risk to India’s Growing and Increasingly Connected Population

On Friday, October 14, Indian electricity provider Tata reported it was suffering the effects of a cyberattack against its network. (1) In late October, Hive ransomware claimed the attack and began leaking data stolen from Tata Power on its website. (16) This was not the first time Indian power infrastructure was targeted in a cyberattack. So far there has been no long-term infrastructure damage, but attacks against vulnerable power infrastructure that are widespread or occur at critical times have the potential to be disruptive to government, commerce, and daily living. Indian authorities blamed malware for a two-hour-long power outage, also in Mumbai, in October 2020, and later indicated they believed the incident to be the result of deliberate action, according to press reports. The investigation uncovered suspicious logins to servers c ....


Pro-Russia Hackers Claim Credit for State Website Disruptions

Several state webpages were intermittently unavailable yesterday, and colorado.gov remains down. Killnet, a politically motivated, pro-Russia hacking group, has claimed credit for the disruptions. ....


Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Introduction

Widespread implementation of decentralized finance (DeFi) systems since 2020 has created fertile new ground for a variety of threat actors to shift the development of cyberattack tactics, techniques, and procedures (TTPs). The number of threat actors participating in DeFi activity has grown substantially over the past two years. Current threat actor activity is incentivized by a broad attack surface, represented by high volumes of users and systems, and by high potential profits, represented by the variety of cryptocurrency offerings. Types of threat actors range from advanced persistent threat (APT) groups and small, loosely organized groups of cybercriminals to individual threat actors of varying skills.

EclecticIQ Analysts Expect the Number of Threat Actors Attacking DeFi Systems Will Increase Significantly Through at Least the Next Two Years Despite Any Dips in Cryptocurrency Value

Attack volume carried out by individual attackers is expected to grow at the greates ....


The Analyst Prompt #04: MuddyWater APT attributed to Iranian Ministry of Intelligence and Security, and the Increasing Global Ransomware Threat

Threat Actor Update: Iranian State Sponsored APT Conducts Cyber Espionage and Ransomware Activities

EclecticIQ researchers assess that MuddyWater is a well-funded, state-supported, and skilled adversary group, based on the variety of tactics, tools, and targets used by the group, which can cause significant damage to both government and enterprises through data theft and ransomware. MuddyWater is the first APT group attributed as a subordinate element to the Iranian Ministry of Intelligence and Security (MOIS) by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK). MuddyWater has been observed conducting cyber espionage and other cyber activities targeting telecommunication, defense, government, oil and natural gas in Asia, Europe, and North America since approximately 2018. The attribution of MuddyWater to MOIS li ....
