June 16 – #TimisoaraHackerTeam Analysis TLP: Clear
Category: Commentaries and Analyses
Google claims it caught China government hackers red-handed breaking into hundreds of networks around the world
Frank Bajak and AP report: Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday. “This is the broadest cyber espionage…
Court unseals long-awaited election security reports
Analysis by Tim Starks with research by David DiMolfetta: A long-awaited report on the cybersecurity vulnerabilities of election machines in Georgia was finally released alongside another report on Wednesday, but the two sides of a long-running dispute over the security of the state’s election machines can’t agree on what conclusions to draw. The first report — by University…
Understanding Ransomware Threat Actors: LockBit
Alert Code AA23-165A. CISA has posted an advisory on LockBit. SUMMARY: In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture,…
The “reincarnation” of BreachForums: A cyberdrama in three acts
BreachForums has been reincarnated. But as with all things related to BreachForums, its reincarnation has been accompanied by all kinds of drama. Act 1: The Prequel: Arrest and Chaos. Act 1, Scene 1: BreachForums’s owner is arrested in New York. The arrest was made on March 15, but first hit the news on March 17….
CloudSEK report says hackers don’t have access to CoWin’s backend database
Ayushman Kuman reports: A day after a Telegram bot provided access to the personal information of individuals who had reportedly registered for vaccination through the government’s CoWIN portal, an independent analysis by CloudSEK has shown that the threat actors do not have access to the entire portal or the backend database. CloudSEK is a Singapore-based…