BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.
Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “Civil Defense.”
The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General’s Office. The Virginia Attorney General’s Office did not share details about the attack.
The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia; the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),
cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation. cyber agencies warned.
Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos states that the STAC5777’s TTPs overlap with the group Storm-1811 first spotted by Microsoft. The group shares TTPs with the threat actor Storm-1811.” reads the advisory published by Sophos.
Hacktivist group Twelve is back and targets Russian entities to destroy critical assets and disrupt their operations. The hacktivist group Twelve has been active since at least April 2023; it was formed in the wake of the conflict between Russia and Ukraine. However, the motivation behind Twelve’s operations is hacktivism.
Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. Akira, a Ransomware-as-a-Service (RaaS), has been used by Storm-1567 (aka Punk Spider and GOLD SAHARA), which is a group that has been active since 2023. The vulnerability CVE-2023-27532 (CVSS score of 7.5)
New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltration. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application AnyDesk for its attacks.
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “Tyler.”
Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer’s corporate network. The popular Ars Technica reporter Dan Goodin reported that an alert issued by security firm NCC Group reports a “significant compromise of the TeamViewer remote access and support platform by an APT group.”
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups. For example, there is watchliveon24[.]com.playehq4ks[.]com
and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc.,
The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.
The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums.
China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) has been spotted using an updated version of the macOS backdoor Macma. NGO based in China, which indicates the group also engages in internal espionage. This highlights the group’s ongoing evolution in cyber espionage tactics.
China-linked APT group Salt Typhoon breached U.S. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. This group was publicly called out by the U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data.
The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure.
Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. The LockBit ransomware operation has been active since January 2020; the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S.
Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes).
Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a new infrastructure linked to the cybercrime group FIN7. Researchers from Team Cymru identified two clusters potentially linked to the cybercrime group FIN7.
The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware.
Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The APT group conducted a cyber espionage campaign between April and July 2024 and used Microsoft’s Azure infrastructure for C2 infrastructure.
The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported.
FBI and CISA published a joint advisory on the BlackSuit Ransomware group; the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The group uses SharpShares and SoftPerfect NetWorx to map out victim networks.
Social Engineering Moves Mirror Nation-State Groups' Tactics, Researchers Say The Black Basta ransomware group has been refining its social engineering tactics to amass more victims despite escalating law enforcement disruptions, together with a shift to more "strategic, long-term planning" that security experts said suggests Russian state ties.
Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. Recent investigations by Talos IR have revealed that the BlackByte ransomware group is using a victim’s existing remote access rather than tools like AnyDesk.
The cyber campaign is attributed to the China-linked APT group Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. Chris Krebs from SentinelOne suggested that the group behind Salt Typhoon may be affiliated with China’s Ministry of State Security, specifically the APT40 group, which specializes in intelligence collection.
The group’s victims include ChatGPT, Telegram, Microsoft, X, the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, and government websites for the state of Alabama.
The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. The US authorities identified Pankratova as the group leader, while Degtyarenko is a primary hacker.
A recent investigation by Kaspersky researchers into the APT group Awaken Likho (aka Core Werewolf and PseudoGamaredon) uncovered a new campaign from June to August 2024, showing a shift from UltraVNC to the MeshCentral platform for remote access. Experts believe the group remains active and is enhancing its operations with new implants.
Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by China’s state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett).
One of these groups is CyberAv3ngers, which is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). In the past, the group targeted industrial control systems at water utilities in Ireland and the U.S. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.
Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022.
A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems.
CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The DoNot APT group has been observed misusing the OneSignal platform, which typically provides tools for sending push notifications, in-app messages, emails, and SMS widely used in mobile and web applications.
Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. The group claims the theft of 1.4 TB of stolen data.
A ransomware group reusing the Babuk ransomware brand claims to have stolen data from the likes of Amazon, Delta and US Bank. What Do You Mean, Hospital-Targeting Sociopath Ransomware Wielders Continue to Lie?
A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. And the biggest surprise: All this sensitive and crucial data is absolutely FREE, offered to you as a gift from the Belsen Group.” “2025 will be a fortunate year for the world.