Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hactivist Group. Show all posts
Telegram
APT Group Cyber Attacks Hactivist Group India Ransomware Telegram

Ransomware Attacks on the Rise! Nearly 2900 Assaults Reported in the First Quarter of 2024

 

The increasing frequency of ransomware attacks is a significant challenge, as seen by the recent rise in APT groups with ties to Pakistan before the Indian elections and the disruption of significant Ransomware-as-a-Service (RaaS) operations.

The Seqrite report states that initial access brokers are selling more access to Indian entities (corporate and government) in the underground forums. This led to over 2900 disruptive actions in the first quarter of 2024 by over 85 Telegram hacktivist groups, including DDoS, website defacement, and database dumps. According to the report, there is one ransomware attack for every 650 detections. 

The most recent findings paint a picture of increasing threats, with sophisticated attacks targeting governments, organisations, and individuals alike. 

The report also highlighted a recent spike in cyberattacks by Pakistan-linked APT groups such as SideCopy and APT36 (Transparent Tribe) targeting not only the Indian government and military bodies, which is especially concerning given the ongoing elections, but also new spear-phishing campaigns such as Operation RusticWeb and FlightNight. 

Another crimeware report by Arete discloses that during Q1, law enforcement continued to put pressure on large Ransomware-as-a-Service (RaaS) companies, significantly impacting LockBit activities. While LockBit and ALPHV's combined activity no longer accounts for the majority of ransomware engagements, Arete saw a much broader and more evenly spread threat landscape, with activity from groups such as 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, HsHarada, Medusa, Phobos, Rhysida, and Trigona.

Furthermore, the trend of fewer organisations paying ransoms persisted, with a ransom paid in 34% of Arete engagements in the first quarter of 2024. Another recent report, Cybernomics 101 by Barracuda, found that 71% of respondents had suffered a ransomware assault in the previous year, with 61% paying the ransom. 

Prevention tips

The researchers believe that backing up critical data is the most effective strategy to recover from a ransomware infestation. There are a few things to consider. Backup files should be appropriately safeguarded and stored offline or out-of-band so that attackers cannot target them. Using cloud services may help alleviate a ransomware outbreak because many retain prior copies of files, allowing you to restore to an unencrypted version. Make careful to test backups on a regular basis to ensure their effectiveness. In the case of an attack, ensure that your backups are not compromised before rolling back. 

Additionally, ensure that all of the organization's operating systems, apps, and software are frequently updated. Applying the most recent updates will help close the security gaps that attackers are attempting to exploit. Wherever possible, enable auto-updates so that you always have the most recent security upgrades.
Read more »
Threat Landscape
Data Breach Data Leak Hactivist Group NATO NATO Breach Threat Landscape

'Gay Furry Hackers' Claim to Have Stolen Nearly 3000 NATO Files

 

NATO is "actively addressing" various IT security breaches after a hacktivist group claimed it accessed some of the military alliance's websites once more, this time acquiring over 3,000 files and 9GB of data. 

When questioned about the suspected intrusion, a NATO official declined to answer specific questions and stated that: "NATO is facing persistent cyber threats and takes cyber security seriously. NATO cyber experts are actively addressing incidents affecting some unclassified NATO websites. Additional cyber security measures have been put in place. There has been no impact on NATO missions, operations and military deployments." 

On Sunday, the SiegedSec team claimed to have broken into six NATO web portals: the alliance's Joint Advanced Distributed Learning e-learning website; the NATO Lessons Learned Portal, from which the gang claimed to have stolen 331 documents; the Logistics Network Portal (588 documents and other files); the Communities of Interest Cooperation Portal (207 documents); and the NATO Standardisation Office (2,116 documents). 

The hacktivists, who call themselves "gay furry hackers," mainly target government organisations whose policies they disagree with and have a tendency for political PR stunts, also shared a link to the allegedly stolen files on their Telegram channel. 

"The astonishing siegedsec hackers have struck NATO once more!!1!!!," the crew wrote, bragging: "NATO: 0. Siegedsec: 2." 

The hacking group is referring to its previous NATO infiltration in July, when it claimed to have stolen material from 31 countries and exposed 845MB of data from the alliance's Communities of Interest (COI) Cooperation Portal. 

Despite the fact that it doesn't include any classified information, this website is used by NATO organisations and member nations. And yes, SiegedSec claims to have broken into one of the portals again towards the end of September.

Threat intelligence firm CloudSEK analysed the exposed material from the previous hack and discovered at least 20 unclassified documents and 8,000 personnel records with names, firms and units, working groups, job titles, business email addresses, home addresses, and images.

To put it another way: essentially everything a spy, would-be identity thief, doxxer, social-engineering campaign coordinator, or plain old troll would want for potential fraud, phishing, espionage, or other types of general havoc.
Read more »
Telegram
Cyber Attacks DDoS Hactivist Group Messaging Apps Telegram

Hackers Attack Telegram With DDoS After Targeting Microsoft and X

 

Anonymous Sudan has launched a distributed denial-of-service (DDoS) attack against Telegram in response to the messaging platform's decision to deactivate its principal account, according to threat intelligence firm SOCRadar. 

Anonymous Sudan, claiming to be a hacktivist group motivated by political and religious concerns, carried out DDoS attacks against organisations in Australia, Denmark, France, Germany, India, Israel, Sweden, and the United Kingdom. 

The group has been active since the beginning of the year, and on January 18, it launched its Telegram channel, proclaiming its intention to undertake cyberattacks against any entity that opposes Sudan. The group's operations began with the targeting of many Swedish websites. 

However, in June, Microsoft 365, Outlook, Microsoft Teams, OneDrive for Business, and SharePoint Online were the targets of a string of disruptive DDoS attacks launched by Anonymous Sudan, which quickly gained attention. Cloud computing platform Azure from Microsoft was also impacted. Microsoft, which records the group as Storm-1359, confirmed DDoS attacks were the cause of the interruption after Anonymous Sudan boasted about the strike on their Telegram channel. 

With the goal of forcing Elon Musk into establishing the Starlink service in Sudan, the organisation launched a disruptive DDoS attack against X (previously Twitter) in late August. The hacktivists' primary Telegram channel has been moved temporarily as a result of the attack on Telegram, which had a different objective than the group's usual targets but yet failed to accomplish its goal. 

Uncertainty around the ban on Telegram has led the threat intelligence company to speculate that it may be connected to recent attacks on X or the use of bot accounts. Current DDoS and defacement operations are being carried out by the Anonymous Sudan group, which may not be based in Sudan and may actually have connections to the Russian hacking collective KillNet, according to previous reports from SOCRadar and Truesec. 

The group doesn't request the support of pro-Islamic organisations, only communicates with Russian hackers, and mostly posts in English and Russian rather than Arabic. The campaigns that have been noticed also have no connection to political issues regarding Sudan. 

The group also doesn't seem to be associated with the original Anonymous Sudan hacktivists, who first showed up in Sudan in 2019, or with Anonymous, the decentralised, anti-political hacktivist movement.
Read more »
Subscribe to: Posts (Atom)