30th Jan
Emotet was observed returning after a hiatus with new evasion techniques, allowing it to continue sending malicious spam to victims and stealing credentials and email addresses, whilst enabling lateral movement and the download of further malware. It has been observed being used by ransomware groups to distribute their ransomware payloads.
Malware
Emotet returns with new evasion techniques
7th Mar
Hacktivism
The pro-Russian hacktivist group Killnet launched DDoS attacks against US healthcare organisations and public healthcare sectors. This followed claims that the group had successfully compromised US healthcare organisations. The motivation is believed to be retaliation against countries supporting Ukraine, with DDoS attacks also focused on other NATO countries.
Killnet targets NATO countries supporting Ukraine
2nd Feb
Nobelium, aka APT29 and Cozy Bear, targeted European diplomatic missions and systems sharing sensitive political information, aiding the Ukrainian government, and helping Ukrainian citizens flee. The group is affiliated with the Foreign Intelligence Service of the Russian Federation (SVR). It was targeting Polish representatives of the Ministry of Foreign Affairs visiting the US with a spear-phishing campaign compromising the official EU electronic document exchange system, LegisWrite.
Surveillance
Russian state-sponsored TA targets EU diplomatic entities and systems
14th Mar
Ransomware
A remote code injection flaw, CVE-2023-0669, affecting exposed administrative consoles of the GoAnywhere secure web file transfer solution was shared by Fortra. Reports at the time indicated that it had been actively exploited by threat actors, and it was later shown that the CL0P ransomware group was using this flaw in a spate of ransomware attacks.
GoAnywhere MFT Zero-Day exploited by CL0P