Russia's SVR hacking group used malicious domain names designed to seem like they were associated with Amazon Web Services (AWS) in an effort to steal Windows credentials. informatech.co/48pbqVJ

Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. msft.it/6011W3CGX

We've witnessed a notable tactical evolution in DPRK-affiliated Jumpy Pisces' recent activity: teaming up with established ransomware operation Play. This marks the first documented joint effort of this North Korean state-funded group and a ransom network. bit.ly/3YG0q3g

Report to Congress on Chinese Hacks of U.S. Telecoms | news.usni.org/2024/10/30/rep… USNI News

Defense strikes back! Sophos X-Ops hacked back ("counter-offensive") their China-based 🇨🇳 #APT attackers by installing an implant on the hacked box. Impose cost, attribution matters.

INSANE writeup from Sophos X-Ops. I read it and re-read it a few times when it came out, just to wrap my mind around all of the incredible tradecraft from both attacker and defender. Hats off to the team at Sophos for documenting this so thoroughly. news.sophos.com/en-us/2024/10/…

Microsoft warns that Russia's "Midnight Blizzard" hacking team is using a digitally signed Remote Desktop Protocol (RDP) configuration file in its spear-phishing emails. Heads up: darkreading.com/cyberattacks-d…

Today, the Office of the Director of National Intelligence (Office of the DNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (Cybersecurity and Infrastructure Security Agency) released the following statement: fbi.gov/news/press-rel…

China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers. theregister.com/2024/11/13/chi… The Register

Joint Statement from #FBI and Cybersecurity and Infrastructure Security Agency on the People's Republic of China Targeting of Commercial Telecommunications Infrastructure: fbi.gov/news/press-rel…

Hamas Hackers Spy on Mideast Gov'ts, Disrupt Israel: bit.ly/4eunVRt by Nate Nelson #DRGlobal

Sen. Mark Warner, chairman of the Senate Intelligence Committee, calls Salt Typhoon “worst telecom hack in our nation’s history” The Chinese state-affiliated hackers moved from telco network to another. They listened in real-time to calls. 1/ washingtonpost.com/national-secur…

Sandworm, a group linked to Russian intelligence, has been hacking Ukrainian targets in recent years, but “we’re now seeing that they’re interested in the energy sector across Europe” | politico.eu/article/russia… POLITICOEurope

CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks | sentinelone.com/labs/cybervolk… SentinelLabs

Hundreds of private cybersecurity firms, technology services providers, and universities are helping China's state apparatus develop offensive cyber capabilities to support the country's strategic military, economic, and geopolitical goals. bit.ly/4912m9Q

Threat actors affiliated with the Chinese government have compromised telecom provider networks to conduct a cyber espionage campaign. Network defenders should read new guidance from the #FBI and our partners to harden their systems against this activity: ic3.gov/CSA/2024/24101…

A Russian state-sponsored hacker group, known as Gamaredon, has been targeting Ukrainian-speaking victims in an ongoing cyber-espionage campaign, researchers have found. therecord.media/russian-state-… The Record From Recorded Future News

Radiant links $50 million crypto heist to North Korean hackers | bleepingcomputer.com/news/security/… BleepingComputer

An APT group that Trend Micro tracks as Earth Koshchei (also known as APT29 and Midnight Blizzard), likely used a rogue remote desktop protocol (RDP) attack methodology against numerous targets. trendmicro.com/en_us/research… @TrendMicro

Salt Typhoon scoop —> -Hundreds of orgs notified of possible compromise -Hackers exploited years-old flaws that had patches, but telcos never implemented them -FCC CALEA ruling expected to pass before Trump takes office nextgov.com/cybersecurity/…