Category — OPSEC
University Professors Targeted by North Korean Cyber Espionage Group

Aug 08, 2024 Cyber Attack / Cyber Espionage
The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operational security (OPSEC) error made by the hackers. Kimsuky, also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail, and Velvet Chollima, is just one of the myriad offensive cyber teams operating under the direction of the North Korean government and military. It's also very active, often leveraging spear-phishing campaigns as a starting point to deliver an ever-expanding set of custom tools to conduct reconnaissance, pilfer data, and establish persistent remote access to infected hosts. The attacks are also characterized by the use of compromised hosts as staging infrastructure to deploy an obfuscated version of the Green Dinosaur web shell, which is then used
North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder

Jul 25, 2023 Cyber Threat Intelligence
North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already being monitored as Jade Sleet and TraderTraitor, a group with a history of striking blockchain and cryptocurrency sectors. UNC4899 also overlaps with APT43, another hacking crew associated with the Democratic People's Republic of Korea (DPRK) that was unmasked earlier this March as conducting a series of campaigns to gather intelligence and siphon cryptocurrency from targeted companies. The adversarial collective's modus operandi is characterized by the use of Operational Relay Boxes (ORBs) using L2TP IPsec tunnels along with commercial VPN providers to disguise the attacker's
The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024 Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity. Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

Mar 18, 2022
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed UNC1945. The intrusions staged by the actor involve "a high degree of OPSEC and leverage both public and private malware, utilities, and scripts to remove evidence and hinder response efforts," Mandiant researchers said in a new report published this week. Even more concerningly, the attacks spanned several years in some cases, during the entirety of which the actor remained undetected by taking advantage of a rootkit called CAKETAP, which is designed to c
