Remove Education Remove Energy and Utilities Remove Tools
article thumbnail

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. on January 5, 2020.

article thumbnail

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

LockBit had a bespoke data exfiltration tool, known as Stealbit, which was used by affiliates to steal victim data. The LockBit ransomware operation operated under a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to carry out ransomware attacks through the utilization of LockBit ransomware tools and infrastructure.

article thumbnail

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

Mint Sandstorm also used custom tools in selected targets, notably organizations in the energy and transportation sectors. In the last stage of the attack, the subgroup deploys a custom malware variant, such as Drokbk or Soldier instead of using publicly available tools and simple scripts. ” concludes Microsoft.

article thumbnail

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” APT28 had utilized compromised Ubiquiti EdgeRouters as a command-and-control infrastructure for MASEPIE backdoors. ” reads the joint report.

article thumbnail

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

Files leaked by Russian IT contractor NTC Vulkan show that Russia-linked Sandworm APT requested it to develop offensive tools. Documents leaked from Russian IT contractor NTC Vulkan show it was likely involved in the development of offensive tools. ” reads the report published by Mandiant. ” concludes the report.

article thumbnail

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.