Executive Summary
KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.
Verticals Targeted: Maritime, Nuclear
Executive Summary
SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.
Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial
Executive Summary
Recent industry reporting highlights the ransomware threats faced by various entities in the Middle East. DragonForce ransomware was recently observed targeting a real estate and construction company in Saudi Arabia. However, this is only the tip of the iceberg, as entities in the Middle East, particularly financial services entities in Saudi Arabia and the UAE, are also being heavily targeted by ransomware.
The recent $1.5 billion hack of Bybit, allegedly orchestrated by the Lazarus Group, has sent shockwaves through the cryptocurrency industry. While this North Korean state-sponsored hacking group has a well-documented history of targeting crypto exchanges, the size of this breach sets a new precedent. Beyond the immediate financial impact, this incident raises serious concerns about how Lazarus will leverage these stolen funds in the future. From within the crypto space to their broader cybercriminal activities.
Related Families: ValleyRAT
Verticals Targeted: Medical
Executive Summary
Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.
Verticals Targeted: Manufacturing