Researchers at JAMF warn about North Korean threat actors’ attempts to target prospective victims on LinkedIn to deliver malware called RustDoor (a.k.a. Thiefbucket).
Targeted Attack
Fintech
Cyber Crime
>1
JAMF, North Korea, LinkedIn, RustDoor, Thiefbucket
2
16/09/2024
Between January 2017 and December 2021
Between January 2017 and December 2021
Song Wu
National Aeronautics and Space Administration (NASA), research universities, and private companies in the aerospace field
Song Wu, a Chinese national, is indicted in the U.S. on charges of conducting a “multi-year” spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies.
Social Engineering
Multiple Industries
Cyber Espionage
US
National Aeronautics and Space Administration, NASA, Song Wu
3
16/09/2024
During March 2017
–
Jia Wei
Unnamed U.S.-based communications company
The U.S. Department of Justice (DoJ) unseals an indictment against Chinese national Jia Wei, a member of the People’s Liberation Army (PLA), for infiltrating an unnamed U.S.-based communications company in March 2017 to steal proprietary information relating to civilian and military communication devices, product development, and testing plans.
Unknown
Information and communication
Cyber Espionage
US
Jia Wei, U.S. Department of Justice, DoJ
4
16/09/2024
During September 2024
During September 2024
IntelBroker
Experience Engine
The threat actor known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.
Unknown
Administration and support service
Cyber Crime
GB
IntelBroker, Experience Engine
5
16/09/2024
16/09/2024
16/09/2024
?
DeltaPrime
DeltaPrime, a decentralized finance (DeFi) platform, announces that its Arbitrum-based protocol, DeltaPrime Blue, was exploited in a cyber attack that drained approximately $5.98 million.
Compromised Private Key
Fintech
Cyber Crime
PL
DeltaPrime, DeFi, Arbitrum, DeltaPrime Blue
6
16/09/2024
–
–
Everest Team
MCNA Dental
MCNA Dental allegedly suffers a new breach by the Everest Team ransomware group.
Ransomware
Human health and social work
Cyber Crime
US
MCNA Dental, Everest Team, Ransomware
7
16/09/2024
During June 2024
During June 2024
Black Basta
U.S. Dermatology Partners
U.S. Dermatology Partners allegedly has 1.8 TB of files leaked by the Black Basta ransomware operation.
Ransomware
Human health and social work
Cyber Crime
US
U.S. Dermatology Partners, Black Basta, ransomware
8
16/09/2024
During 2024
During 2024
Threat actors from Russia
Audiences in the U.S.
Meta bans RT, Rossiya Segodnya and other Russian state media networks from its platforms, claiming the outlets had used deceptive tactics to carry out covert influence operations online.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
US
Meta, RT, Rossiya Segodnya, Russia
9
17/09/2024
Since at least 14/09/2024
14/09/2024
?
Organizations in the construction sector
Researchers at Huntress reveal that threat actors are targeting companies in the construction industry through an accounting software known as Foundation.
Brute-force
Professional, scientific and technical
Cyber Crime
>1
Huntress, Foundation
10
17/09/2024
Since at least June 2024
During June 2024
UNC2970
Organizations in the energy and aerospace verticals
Researchers at Mandiant discover UNC2970, a North Korea-linked cyber-espionage group leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Mandiant, UNC2970, North Korea, MISTPEN
11
17/09/2024
–
–
Marko Polo
Online gaming personalities, cryptocurrency influencers and technology professionals
Researchers from Recorded Future discover a cybercriminal group operating under the moniker “Marko Polo,” primarily operating on social media with a sophisticated network of scams, using information stealer malware to target online gaming personalities, cryptocurrency influencers and technology professionals.
Malware
Multiple Industries
Cyber Crime
>1
Marko Polo, Recorded Future
12
17/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four critical Adobe Flash Player vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2013-0643, CVE-2013-0648, CVE-2014-0497, and CVE-2014-0502 vulnerabilities
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Adobe Flash Player, Known Exploited Vulnerabilities, KEV, CVE-2013-0643, CVE-2013-0648, CVE-2014-0497, CVE-2014-0502
13
17/09/2024
14/09/2024
14/09/2024
?
Doctor Web
Russian anti-malware company Doctor Web (Dr.Web) discloses a security breach after its systems were targeted in a cyberattack over the weekend.
Unknown
Professional, scientific and technical
Cyber Crime
RU
Doctor Web, Dr.Web
14
17/09/2024
Late August and early September
Late August and early September
Storm-1516, Storm-1679, Volga Flood (Storm-1841, a.k.a. Rybar)
Audiences in the U.S.
Researchers at Microsoft warn that some Russian groups have used X (formerly Twitter), Telegram and several fake news websites to disseminate controversial and fictitious videos about Kamala Harris.
Researchers at Cofense warn that scammers are using images from Google’s Street View to intimidate internet users with sextortion scams.
Scam
Individual
Cyber Crime
US
Cofense, Google Street View
16
18/09/2024
‘Recently’
‘Recently’
Vanilla Tempest (a.k.a. Vice Society)
Organizations in the Healthcare sector in the U.S.
Researchers at Microsoft observe the financially motivated threat actor tracked as Vanilla Tempest using INC ransomware for the first time to target the healthcare sector in the United States through Remote Desktop Protocol (RDP) and Windows Management Instrumentation (WMI).
Researchers at Palo Alto Networks reveal that threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign.
Flax Typhoon (a.k.a. Ethereal Panda or RedJuliett)
U.S. and Taiwanese entities in the military, government, higher education, telecommunications, defense industrial base and information technology sectors
Researchers at Lumen’s Black Lotus Labs discover a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The researchers believe the botnet is controlled by a China-linked APT group Flax Typhoon.
Flax Typhoon (a.k.a. Ethereal Panda or RedJuliett)
Over 2,700 devices in the Netherlands
The National Cyber Security Center (NCSC) in the Netherlands reveals that Chinese threat actors from Flax Typhoon were able to compromise over 2,700 devices in the Netherlands.
>1 (Misconfiguration, Malware)
Multiple Industries
Cyber Espionage
NL
National Cyber Security Center, NCSC, China, Flax Typhoon
20
18/09/2024
Since at least May 2024
During May 2024
Brazilian Portuguese-speaking threat actor
Multiple organizations in Italy
Researchers at Kaspersky discover a previously undocumented malware called SambaSpy, exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor.
Malware
Multiple Industries
Cyber Crime
IT
Kaspersky, SambaSpy
21
18/09/2024
18/09/2024
18/09/2024
?
Multiple accounts on X
An X account hacking spree fuels a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. Hacked accounts include MoneyControl (1.4 million followers), People Magazine (7.8 million), and even EUinmyRegion (an account operated by the European Commission), with close to 100K followers.
Account Takeover
Multiple Industries
Cyber Crime
>1
X, $HACKED, Solana, MoneyControl, People Magazine, EUinmyRegion, European Commission
22
18/09/2024
During 2024
During 2024
TeamTNT
Multiple organizations
Researchers at Group-IB reveal that the cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system.
Individuals in the U.K., France, Germany, Italy, and Switzerland.
Researchers at Netcraft identify two threat groups utilizing QR code parking scams in the UK and across Europe, including France, Germany, Italy, and Switzerland.
Account Takeover
Individual
Cyber Crime
CH
DE
FR
GB
IT
Netcraft, QR Code
24
18/09/2024
Since early September 2024
Since early September 2024
?
iPhone users in U.K.
The U.K. national fraud and cyber reporting centre operated by law enforcement, Action Fraud, issues a warning for iPhone users after it received more than 1,800 reports of a new Apple ID password-stealing phishing campaign, claiming the iCloud storage is full.
Account Takeover
Individual
Cyber Crime
GB
Action Fraud, iPhone, Apple ID, iCloud
25
18/09/2024
18/09/2024
18/09/2024
?
Ethena Labs
Ethena Labs, the team behind the decentralized synthetic dollar protocol, temporarily deactivates its front end after threat actors compromised its domain registrar account.
Account Takeover
Fintech
Cyber Crime
N/A
Ethena Labs
26
19/09/2024
Since at least July 2024
During July 2024
Earth Baxia
Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam
Researchers at Trend Micro discover a China-linked cyber-espionage group, dubbed Earth Baxia, targeting Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group installs either the Cobalt Strike client or a custom backdoor known as EagleDoor on compromised machines, using spear-phishing to compromise victims but also exploiting a vulnerability (CVE-2024-36401) in the open source GeoServer software used to distribute geospatial data.
Researchers at Mandiant discover UNC1860, an advanced persistent threat (APT) tied to Iran’s Ministry of Intelligence and Security (MOIS) providing initial access services to other groups such as Scarred Manticore and OilRig (a.k.a. APT34, Helix Kitten, Cobalt Gypsy, Lyceum, Crambus, or Siamesekitten).
Russian tech companies, retail marketplaces, insurance firms and financial businesses
Researchers at F.A.C.C.T. reveal that threat actors compromised email accounts and set up seemingly innocuous automatic replies that contained links to the Xmrig crypto-miner.
>1 (Account Takeover, Malware)
Multiple Industries
Cyber Crime
RU
F.A.C.C.T., Xmrig
29
19/09/2024
–
–
?
Multiple organizations
Researchers at CloudSEK discover a new phishing campaign using fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands, installing the Lumma Stealer malware and stealing sensitive information.
Malware
Multiple Industries
Cyber Crime
>1
AWS
30
19/09/2024
–
–
?
Multiple organizations
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it.
Malware
Multiple Industries
Cyber Crime
>1
GitHub
31
19/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2024-27348 Apache HugeGraph-Server Improper Access Control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2024-27348 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2024-27348, Apache HugeGraph-Server Improper Access Control, Known Exploited Vulnerabilities, KEV
32
19/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2020-0618 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2020-0618, Microsoft SQL Server Reporting Services Remote Code Execution, Known Exploited Vulnerabilities, KEV
33
19/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2019-1069 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-1069, Microsoft Windows Task Scheduler Privilege Escalation, Known Exploited Vulnerabilities, KEV
34
19/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2022-21445 Oracle JDeveloper Remote Code Execution vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2022-21445 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-21445, Oracle JDeveloper Remote Code Execution, Known Exploited Vulnerabilities, KEV
35
19/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2020-14644 Oracle WebLogic Server Remote Code Execution vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2020-14644 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2020-14644, Oracle WebLogic Server Remote Code Execution, Known Exploited Vulnerabilities, KEV
36
19/09/2024
Earlier in 2024
Earlier in 2024
Multiple threat actors
Multiple organizations
Researchers from Palo Alto Networks discover a new post-exploitation red team tool called Splinter, weaponized against multiple organizations.
Malware
Multiple Industries
Cyber Crime
>1
Palo Alto Networks, Splinter
37
19/09/2024
Since at least March 2024
During March 2024
?
Multiple organizations
Researchers at McAfee reveal that threat actors are using fake versions of popular software such as AnyDesk and CCleaner to distribute AsyncRAT.
Malware
Multiple Industries
Cyber Crime
>1
McAfee, AnyDesk, CCleaner, AsyncRAT
38
19/09/2024
–
–
?
Multiple organizations
Ivanti warns that threat actors are exploiting CVE-2024-8963, another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.
17 individuals across Argentina, Chile, Colombia, Ecuador, Peru, and Spain
483,000 victims worldwide
A joint law enforcement operation, dubbed ‘Operation Kaerb’, dismantles an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide.
Account Takeover
Individual
Cyber Crime
>1
Operation Kaerb, iServer, phishing-as-a-service
41
19/09/2024
During September 2024
18/09/2024
‘grep’
Dell
Dell confirms it is investigating recent claims that it suffered a data breach after a threat actor dubbed “grep” leaked the data of over 10,000 employees.
Unknown
Professional, scientific and technical
Cyber Crime
US
Dell, grep
42
19/09/2024
29/06/2023
11/07/2023
?
Wright, Moore, DeHart, Dupuis & Hutchinson
Public accounting firm Wright, Moore, DeHart, Dupuis & Hutchinson (WMDDH) notifies over 127,000 individuals that their personal information was stolen in a July 2023 data breach.
Unknown
Administration and support service
Cyber Crime
US
Wright, Moore, DeHart, Dupuis & Hutchinson, WMDDH
43
19/09/2024
19/08/2024
19/08/2024
Malone Lam and Jeandiel Serrano
Undisclosed crypto user
The FBI arrests two men and charges them in relation to their alleged involvement in a scam which saw almost a quarter of a billion dollars worth of cryptocurrency stolen from a single victim.
Account Takeover
Fintech
Cyber Crime
Unknown
Malone Lam, Jeandiel Serrano, FBI
44
19/09/2024
19/09/2024
19/09/2024
?
Banana Gun
Users of the Telegram-based cryptocurrency trading bot Banana Gun have been drained of nearly $2 million worth of digital assets.
Vulnerability
Fintech
Cyber Crime
N/A
Banana Gun
45
19/09/2024
19/09/2024
19/09/2024
?
Unibot
Reports emerge that users of the cryptocurrency trading bot Unibot are also drained of digital assets.
Vulnerability
Fintech
Cyber Crime
N/A
Unibot
46
19/09/2024
19/09/2024
19/09/2024
?
Maestro Bot
Reports emerge that users of the cryptocurrency trading bot Maestro are also drained of $200,000 worth of digital assets.
Vulnerability
Fintech
Cyber Crime
N/A
Maestro
47
19/09/2024
During September 2022
–
?
Equiniti Trust Company, formerly known as American Stock Transfer & Trust Company
Equiniti Trust Company agrees to pay $850K after an unknown threat actor, pretending to be an employee of a U.S.-based public issuer client of American Stock Transfer, instructed the Company to issue millions of new shares, liquidate those shares, and send the proceeds to a bank in Hong Kong, leading to a loss of roughly $4.78 million.
Business Email Compromise
Finance and insurance
Cyber Crime
US
Equiniti Trust Company, American Stock Transfer & Trust Company
48
19/09/2024
During August 2023
–
?
Equiniti Trust Company, formerly known as American Stock Transfer & Trust Company
In a second breach, an unknown threat actor was able to create fake accounts with American Stock Transfer & Trust, by using stolen Social Security numbers of various American Stock Transfer accountholders, allowing them to liquidate securities held in the legitimate accounts and transfer approximately $1.9 million to external bank accounts.
Business Email Compromise
Finance and insurance
Cyber Crime
US
Equiniti Trust Company, American Stock Transfer & Trust Company
49
20/09/2024
20/09/2024
20/09/2024
?
BingX
Singaporean crypto platform BingX says that more than $44 million was stolen from its platform in a cyberattack.
Unknown
Fintech
Unknown
SG
BingX
50
20/09/2024
‘Recently’
‘Recently’
?
Multiple organizations
Researchers at McAfee observe an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer.
Malware
Multiple Industries
Cyber Crime
>1
McAfee, CAPTCHA, Lumma Stealer
51
20/09/2024
Since at least June 2024
During June 2024
Twelve
Multiple organizations in Russia
Researchers at Kaspersky observe the hacktivist group known as Twelve using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets.
Malware
Multiple Industries
Hacktivism
RU
Kaspersky, Twelve, Russia, Ukraine
52
20/09/2024
20/09/2024
20/09/2024
NoName057(16) and OverFlame
Dozens of Austrian websites
The Pro-Russia groups NoName057(16) and OverFlame claim responsibility for disrupting dozens of Austrian websites ahead of the country’s general election later this month.
DDoS
Multiple Industries
Hacktivism
AT
Russia, NoName057(16), OverFlame
53
20/09/2024
–
–
?
Fylde Coast Academy Trust
The Fylde Coast Academy Trust is hit with a ransomware attack.
Ransomware
Education
Cyber Crime
GB
Fylde Coast Academy Trust, Ransomware
54
20/09/2024
–
13/08/2024
?
Star Health and Allied Insurance
Stolen customer data including medical reports from India’s biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram.
Unknown
Finance and insurance
Cyber Crime
IN
Star Health and Allied Insurance
55
20/09/2024
04/04/2024
25/07/2024
?
Muskogee City County Enhanced 911 Trust Authority
Muskogee City County Enhanced 911 Trust Authority (MCC911) confirms that it experienced a ransomware attack earlier this year.
Ransomware
Human health and social work
Cyber Crime
US
Muskogee City County Enhanced 911 Trust Authority, MCC911, ransomware
56
20/09/2024
–
25/04/2024
LockBit
Keuka College
Keuka College discloses a ransomware attack, allegedly carried out by the LockBit ransomware operation.
Ransomware
Education
Cyber Crime
US
Keuka College, ransomware, LockBit
57
21/09/2024
21/09/2024
21/09/2024
?
Rockstar Games
Rockstar Games is hit by DDoS attacks following a GTA Online update that added BattlEye Anti-Cheat and the resulting loss of the Steam Deck compatibility.
Shezmu, a crypto lending platform, suffers a hack worth $4.9 million after a storage vault is compromised. However, the platform is able to recover the stolen funds within hours after successfully negotiating with the threat actor.
Vulnerability
Fintech
Cyber Crime
N/A
Shezmu
59
21/09/2024
30/08/2024
30/08/2024
Hunters International
German Youth Hostel Association (DJH)
The ransomware group Hunters International claims to have broken into the German Youth Hostel Association (DJH) and to have copied large amounts of data.
Ransomware
Accommodation and food service
Cyber Crime
DE
Hunters International, ransomware, German Youth Hostel Association, DJH
60
22/09/2024
–
–
‘grep’
Dell
Grep, the threat actor who claimed to have breached Dell, now claims to have breached the same company again.
Unknown
Professional, scientific and technical
Cyber Crime
US
Dell, grep
61
23/09/2024
‘Recently’
‘Recently’
?
Multiple organizations
Researchers at Datadog discover a new malware campaign targeting Docker and Kubernetes. The campaign exploits Docker for initial access, deploying a cryptocurrency miner on infected containers before retrieving and executing a number of malicious payloads.
>1 (Misconfiguration, Malware)
Multiple Industries
Cyber Crime
>1
Datadog, Docker, Kubernetes
62
23/09/2024
Since December 2023
Early April 2024
?
Multiple organizations
Researchers from Palo Alto Networks discover SnipBot, a new version of the RomCom cyber-espionage malware.
Malware
Multiple Industries
Cyber Espionage
>1
Palo Alto Networks, SnipBot, RomCom
63
23/09/2024
Since December 2023
During May 2024
Mallox
Multiple organizations
Researchers from SentinelOne reveal that the Kryptina Ransomware-as-a-Service tool has been adopted by affiliates of the Mallox ransomware group.
Researchers at Kaspersky uncover a new version of the Necro malware loader for Android, installed on 11 million devices through Google Play in malicious SDK supply chain attacks or fake up from third-party markets.
Malware
Individual
Cyber Crime
>1
Kaspersky, Necro, Android, Google Play
65
23/09/2024
20/09/2024
20/09/2024
?
MoneyGram
Money transfer giant MoneyGram confirms it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday.
Unknown
Finance and insurance
Cyber Crime
US
MoneyGram
66
23/09/2024
During 2024
During 2024
State-owned Russian Media including RT and TV-Novosti
Audiences in the U.S.
TikTok bans dozens of accounts associated with state-owned Russian media, including RT and TV-Novosti, citing concerns ahead of the U.S. presidential election in November.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
US
TikTok, Russia, RT, TV-Novosti, US Elections
67
23/09/2024
23/09/2024
23/09/2024
Israel?
Lebanon’s telecoms networks
Israeli military officials warn residents in southern Lebanon and parts of Beirut to evacuate villages and neighbourhoods, sparking concerns that Israel had hacked into its northern neighbour’s telecommunications networks.
Unknown
Information and communication
Cyber Warfare
LB
Israel, Lebanon
68
23/09/2024
During 2024
During 2024
Anonymous 64
Audiences in China, Hong Kong, and Macao
The Chinese government exposes a Taiwanese group named Anonymous 64, claiming that the group, which has been targeting China, Hong Kong and Macao with anti-China propaganda, is backed by the government of Taiwan. Taiwan denies the accusations.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
CN
HK
MO
China, Taiwan, Anonymous 64
69
23/09/2024
–
–
‘grep’
Undisclosed 3rd party software tool
The threat actor, going by the alias ‘grep,’ leaks over 12,000 (11,802) call records with audio, which they claim belong to Twilio customers. Twilio denies the claims, clarifying that they were not breached, but a customer’s data was exposed due to a vulnerability in a third-party tool used by the customer’s developers.
Vulnerability
Professional, scientific and technical
Cyber Crime
US
Twilio, grep
70
23/09/2024
23/09/2024
23/09/2024
?
OpenAI’s press account on X
Crypto scammers hijack OpenAI Newsroom, OpenAI’s press account on X, formerly Twitter, to advertise a nonexistent token $OPENAI.
Account Takeover
Fintech
Cyber Crime
US
Crypto, OpenAI Newsroom, X, Twitter, $OPENAI
71
24/09/2024
–
–
?
Unknown organization(s)
Threat actors are exploiting CVE-2024-7120, a vulnerability in some RAISECOM Gateway devices.
CVE-2024-7120 Vulnerability
Unknown
Unknown
Unknown
CVE-2024-7120, RAISECOM
72
24/09/2024
Early June 2024
Early June 2024
?
French users
Researchers at HP discover a phishing campaign targeting French users, employing HTML smuggling to deliver a password-protected ZIP archive containing a VBScript and JavaScript code, pointing to AI-generated malicious code.
Malware
Multiple Industries
Cyber Crime
FR
HP, HTML smuggling, VBScript, JavaScript, AI
73
24/09/2024
Since at least July 2021
–
SloppyLemming (a.k.a. Outrider Tiger and Fishing Elephant)
Organizations in South and East Asian countries
Researchers at Cloudflare expose SloppyLemming, an advanced threat actor routinely using Cloudflare Workers, likely as part of a broad espionage campaign targeting South and East Asian countries.
Android banking users in Italy, Poland, Moldova, and Hungary
Researchers at ThreatFabric discover a new version of the Octo Android malware, named “Octo2,” spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise.
Malware
Finance and insurance
Cyber Crime
HU
IT
MD
PL
ThreatFabric, Octo, Android, Octo2, NordVPN, Google Chrome, Europe Enterprise
75
24/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. CISA tags CVE-2024-7593, another critical Ivanti security vulnerability on Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.
CVE-2024-7593 Vulnerability
Unknown
Unknown
US
U.S. CISA, CVE-2024-7593, Virtual Traffic Manager, vTM, Ivanti
76
24/09/2024
22/09/2024
22/09/2024
?
Water utility in Arkansas City
Arkansas City, a small city in Cowley County, Kansas, is forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.
Unknown
Water supply, waste mgmt, remediation
Unknown
US
Arkansas City, Cowley County, Kansas, water utility
77
24/09/2024
From May to July 2024
From May to July 2024
?
Transportation and logistics companies in North America
Researchers at Proofpoint track a cluster of activity targeting transportation and logistics companies in North America to deliver a variety of different malware payloads including Lumma Stealer, StealC, or NetSupport.
Malware
Transportation and storage
Cyber Crime
US
Proofpoint, Lumma Stealer, StealC, NetSupport
78
24/09/2024
During 2024
During 2024
Multiple threat actors
Multiple organizations
Researchers at Palo Alto Networks discover more than 140,000 phishing websites linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz, indicating that it’s being used by a large number of cybercriminals to conduct credential theft.
Sweden’s domestic intelligence service (Säkerhetspolisen, the Swedish Security Service) announces that threat actors working for Iran’s Islamic Revolutionary Guard Corps were behind the hack targeting a Swedish SMS service, intended to paint an image of Sweden as an Islamophobic country.
The threat actor known as IntelBroker announces late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically from an internet-exposed Apache Solr server that was accessible with default credentials. However, the company replies that there is no threat to sensitive data.
Misconfiguration
Professional, scientific and technical
Cyber Crime
GB
Deloitte, IntelBroker
81
24/09/2024
–
–
?
U.S. Capitol
The personal information of over 3,000 congressional staffers is leaked on the dark web following a major breach on the U.S. Capitol.
Account Takeover
Public admin and defence, social security
Cyber Crime
US
U.S. Capitol
82
24/09/2024
Since at least 13/09/2024
13/09/2024
?
Individuals
Researchers at Veriti reveal that threat actors are using the public’s interest in a current scandal surrounding celebrity rapper Sean “Diddy” Combs to spread spyware (a version of the open-source PySilon RAT, a remote access Trojan called “PdiddySploit”) via files promising to reveal details of deleted posts from the X social media platform.
Malware
Arts entertainment, recreation
Cyber Crime
>1
Veriti, Sean “Diddy” Combs, PySilon RAT, PdiddySploit, X
83
24/09/2024
16/07/2024
16/07/2024
?
Lancaster Royal Grammar School
The Lancaster Royal Grammar School is hit with a ransomware attack.
Ransomware
Education
Cyber Crime
GB
Lancaster Royal Grammar School, Ransomware
84
24/09/2024
–
–
Valencia
City of Pleasanton
The City of Pleasanton in California is hit with a Valencia ransomware attack. The threat actor claims to have stolen 283GB of sensitive information.
Ransomware
Public admin and defence, social security
Cyber Crime
US
Valencia, Ransomware, City of Pleasanton
85
24/09/2024
–
–
Valencia
Duopharma Biotech
Malaysian pharmaceutical firm Duopharma Biotech is hit with a Valencia ransomware attack. The threat actor claims to have stolen 25.7GB of sensitive information.
Ransomware
Public admin and defence, social security
Cyber Crime
MY
>1
Valencia, Ransomware, Duopharma Biotech
86
24/09/2024
–
–
Valencia
Satia
Indian paper manufacturer Satia is hit with a Valencia ransomware attack. The threat actor claims to have stolen 7.1GB of sensitive information.
Ransomware
Public admin and defence, social security
Cyber Crime
IN
Valencia, Ransomware, Satia
87
24/09/2024
–
–
Valencia
Globe Pharmaceuticals
Bangladeshi drugs maker Globe Pharmaceuticals is hit with a Valencia ransomware attack. The threat actor claims to have stolen 200MB of sensitive information.
Ransomware
Public admin and defence, social security
Cyber Crime
BD
Valencia, Ransomware, Globe Pharmaceuticals
88
25/09/2024
–
–
Multiple threat actors
Critical Infrastructures in the U.S.
The U.S. CISA warns of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using “unsophisticated” methods like brute force attacks and default credentials.
>1 (Brute-force, Misconfiguration)
Electricity, gas steam, air conditioning
Unknown
US
U.S. CISA, Critical infrastructures
89
25/09/2024
‘In recent months’
‘In recent months’
Salt Typhoon (a.k.a. FamousSparrow and GhostEmperor)
Several U.S. internet service providers
China-linked threat actors from Salt Typhoon have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon.
Targeted Attack
Information and communication
Cyber Espionage
US
Salt Typhoon, FamousSparrow, GhostEmperor
90
25/09/2024
Since at least the end of 2022
Early 2024
?
Kurdish minority
Researchers from Sekoia discover SilentSelfie, a cyber espionage operation compromising as many as 25 websites linked to the Kurdish minority, as part of a watering hole attack designed to harvest sensitive information.
Targeted Attack
Individual
Cyber Espionage
N/A
Sekoia, SilentSelfie, Kurdistan
91
25/09/2024
During 2024
During 2024
DragonForce
Manufacturing, real estate and transportation industries worldwide
Researchers at Group-IB reveal that the cybercriminal group known as DragonForce has been attacking the manufacturing, real estate and transportation industries worldwide using modified versions of the notorious ransomware variants LockBit and Conti.
Ransomware
Multiple Industries
Cyber Crime
>1
Group-IB, DragonForce, LockBit, Conti
92
25/09/2024
25/09/2024
25/09/2024
?
Suburb of Richardson
Richardson, a large Dallas suburb, is dealing with a ransomware attack that has required help from the FBI to resolve.
Ransomware
Public admin and defence, social security
Cyber Crime
US
Richardson, Dallas, ransomware, FBI
93
25/09/2024
–
–
?
Kuwait’s Health Ministry
Kuwait’s Health Ministry is recovering from a cyberattack that took down systems at several of the country’s hospitals, as well as the country’s Sahel healthcare app.
Unknown
Human health and social work
Cyber Crime
KW
Kuwait’s Health Ministry, Sahel
94
25/09/2024
24/09/2024
24/09/2024
?
League of Legends player
Researchers at Bitdefender discover a new phishing campaign that capitalizes on excitement around the start of the League of Legends (LoL) World Championship to spread the Lumma Stealer info-stealing malware via carefully crafted social media advertisements.
Malware
Arts entertainment, recreation
Cyber Crime
>1
Bitdefender, League of Legends, LoL, World Championship, Lumma Stealer
95
25/09/2024
–
–
‘grep’
Dell
The threat actor going by the handle of ‘grep’ claims to have breached Dell for the third time and leaks 500 MB of sensitive data.
Unknown
Professional, scientific and technical
Cyber Crime
US
Dell, grep
96
25/09/2024
25/09/2024
25/09/2024
?
Truflation
Crypto project Truflation loses over $5 million from its treasury multisig and personal wallets in a malware attack.
Malware
Fintech
Cyber Crime
N/A
Truflation
97
26/09/2024
Since at least 21/03/2024
–
?
Crypto users
Researchers at Check Point uncover WalletConnect, a malicious app on Google Play designed to steal cryptocurrency, marking the first time a drainer has targeted mobile device users exclusively. The app uses a set of evasion techniques to avoid detection and remained available for nearly five months before being removed.
Malware
Fintech
Cyber Crime
>1
Check Point, WalletConnect, Google Play
98
26/09/2024
–
–
?
Russian-speaking users
Researchers from Netskope reveal that Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (a.k.a. DarkCrystal RAT) by means of HTML smuggling.
Malware
Multiple Industries
Cyber Crime
RU
Netskope, DCRat, DarkCrystal RAT, HTML smuggling
99
26/09/2024
Since at least 2022
During 2022
Kimsuky, a.k.a. APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima
Multiple organizations in South Korea
Researchers from Palo Alto Networks observe the Kimsuky threat actors with ties to North Korea leveraging two new malware strains dubbed KLogEXE and FPSpy.
Targeted Attack
Multiple Industries
Cyber Espionage
KR
Palo Alto Networks, Kimsuky, APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Thallium, Sparkling Pisces, Springtail, Velvet Chollima, KLogEXE, FPSpy, North Korea
100
26/09/2024
–
–
Storm-0501
Government, manufacturing, transportation, and law enforcement sectors in the U.S.
Researchers at Microsoft observe the threat actor known as Storm-0501 targeting government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks.
Ransomware
Multiple Industries
Cyber Crime
US
Storm-0501, Microsoft, ransomware
101
26/09/2024
04/05/2024
07/08/2024
LockBit
Community Clinic of Maui
The Community Clinic of Maui (Mālama) warns more than 123,000 people that their information was accessed by threat actors during a LockBit ransomware attack in May.
Ransomware
Human health and social work
Cyber Crime
US
Community Clinic of Maui, Mālama, LockBit, ransomware
102
26/09/2024
–
–
Red Evil a.k.a. We Red Evils
14 water facilities in southern Lebanon and Beirut
A pro-Israel hacktivist group known as Red Evil and We Red Evils claims to have compromised water systems used by Hezbollah, taking control of supervisory control and data acquisition (SCADA) software associated with 14 water facilities in southern Lebanon and Beirut, and to have changed chlorine levels.
Unknown
Water supply, waste mgmt, remediation
Hacktivism
LB
Israel, Red Evil, We Red Evils, Supervisory Control and Data Acquisition, SCADA, Lebanon, Beirut, Chlorine
103
26/09/2024
25/09/2024
25/09/2024
?
19 stations, including London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria, Waterloo, Reading, Guildford, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Leeds, Bristol Temple Meads, Edinburgh Waverley, Glasgow Central
U.K. transport officials and police say they are investigating a “cyber-security incident” that hit the public Wi-Fi networks at the country’s biggest railway stations and displayed an anti-Islam message in the login page.
Account Takeover
Transportation and storage
Cyber Crime
GB
London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria, Waterloo, Reading, Guildford, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Leeds, Bristol Temple Meads, Edinburgh Waverley, Glasgow Central, Wi-Fi, Islam
104
26/09/2024
Earlier in September 2024
Earlier in September 2024
?
Senator Ben Cardin
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is drawn into a Zoom conversation with a fake Dmytro Kuleba, the former Ukrainian Minister of Foreign Affairs.
Deepfake
Individual
Cyber Warfare
US
Deepfake, Senator Ben Cardin, Senate Foreign Relations Committee, Zoom, Dmytro Kuleba, Ukrainian Minister of Foreign Affairs
105
26/09/2024
08/08/2024
08/08/2024
?
Undisclosed organization
Researchers at Darktrace reveal the details of a thread hijacking attack, where a malicious actor attempted to manipulate trusted email communications, potentially exposing critical data.
Account Takeover
Unknown
Cyber Crime
Unknown
Darktrace, thread hijacking
106
26/09/2024
26/09/2024
26/09/2024
?
Onyx
Decentralized finance (DeFi) protocol Onyx is exploited for $3.8 million, using a known bug that had already been used to exploit Onyx previously.
Vulnerability
Fintech
Cyber Crime
N/A
Onyx
107
27/09/2024
–
–
Threat actors from Iran
Individuals “with a nexus to Iranian and Middle Eastern affairs,” and also the US political campaigns
The FBI, U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury, and the United Kingdom’s National Cyber Security Centre (NCSC) warn of a new campaign by Iran’s Islamic Revolutionary Guard Corps (IRGC) targeting individuals “with a nexus to Iranian and Middle Eastern affairs,” and also the US political campaigns.
Targeted Attack
Individual
Cyber Espionage
US
FBI, U.S. Cyber Command – Cyber National Mission Force, CNMF, Department of the Treasury, United Kingdom’s National Cyber Security Centre, NCSC, Iran, Islamic Revolutionary Guard Corps, IRGC, US political campaign
108
27/09/2024
–
–
Transparent Tribe (a.k.a. APT36)
Individuals belonging to government organizations in India
Researchers at Cyfirma discover a new campaign by the Pakistani threat actor Transparent Tribe targeting individuals belonging to government organizations in India.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
IN
Transparent Tribe, APT36, Cyfirma, Pakistan
109
27/09/2024
Since at least March 2024
During March 2024
?
Multiple organizations
Researchers at Elastic shed light on REF6138, a sophisticated Linux malware campaign targeting vulnerable Apache servers to establish persistence and deploy malware families such as Kaiji and RUDEDEVIL (a.k.a. Lucifer), which facilitate distributed denial-of-service (DDoS) and cryptocurrency mining, respectively.
University Medical Center Health System (UMC) in Lubbock is forced to divert ambulances after a ransomware attack shuts down many of its systems.
Ransomware
Human health and social work
Cyber Crime
US
University Medical Center Health System, UMC, Lubbock, ransomware
111
27/09/2024
Since May 2024
During June 2024
Three Iranian individuals
Individuals connected to the Trump presidential campaign
The U.S. Department of Justice unseals an indictment charging three Iranian threat actors with a “hack-and-leak” campaign that aimed to influence the 2024 U.S. presidential election.
Account Takeover
Individual
Cyber Warfare
US
Iran, Trump, U.S. Department of Justice, hack-and-leak, 2024 U.S. presidential election
112
27/09/2024
27/09/2024
27/09/2024
?
AFP (Agence France-Presse)
Global news agency AFP (Agence France-Presse) warns that it suffered a cyberattack, which impacted IT systems and content delivery services for its partners.
Unknown
Information and communication
Unknown
FR
AFP, Agence France-Presse
113
27/09/2024
‘During the previous week’
‘During the previous week’
State-sponsored threat actor
National Dutch police (Politie)
The National Dutch police (Politie) says that a state actor was likely behind a data breach detected the previous week.
Account Takeover
Public admin and defence, social security
Cyber Espionage
NL
National Dutch police, Politie
114
27/09/2024
Between January 2019 and May 2020
–
Robert Westbrook
Several U.S.-based companies
The U.S. Department of Justice (DoJ) charges Robert Westbrook, a 39-year-old U.K. national, for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits.
Account Takeover
Multiple Industries
Cyber Crime
US
U.S. Department of Justice, DoJ, Robert Westbrook
115
27/09/2024
–
–
Kimsuky, a.k.a. APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima
Diehl Defence
The North Korea-linked APT Kimsuky is linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems.
The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) reveals that Russian threat actors from UAC-0184 are actively targeting Ukrainian servicemen through messaging apps to obtain their personal data.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
UA
State Service of Special Communications and Information Protection of Ukraine, SSSCIP, Russia, Ukraine, UAC-0184
117
27/09/2024
27/09/2024
27/09/2024
?
Bedrock
Crypto liquid restaking protocol Bedrock loses roughly $2 million in a security exploit. In return, the attacker is offered the job of securing the very protocol they stole from.
Smart Contract Vulnerability
Fintech
Cyber Crime
N/A
Bedrock
118
27/09/2024
23/09/2024
23/09/2024
?
Mutua Madrileña
Mutua Madrileña suffers a cyber attack on its home customer base, through an external provider, which affects thousands of customers.
Unknown
Finance and insurance
Cyber Crime
ES
Mutua Madrileña
119
28/09/2024
28/09/2024
28/09/2024
Israeli Cyber Army
Rafic Hariri International Airport
The Israeli cyber army allegedly hacks into the control tower of the Rafic Hariri International Airport in Beirut, and threatens an Iranian civilian plane attempting to land, forcing it to return.
Unknown
Transportation and storage
Cyber Warfare
LB
Israel, Rafic Hariri International Airport, Beirut, Iran
120
28/09/2024
27/09/2024
28/09/2024
?
Richmond Community Schools
Richmond Community Schools in Indiana posts to social media that student and staff information in the PowerSchool software system was breached in a ransomware attack.
Ransomware
Education
Cyber Crime
US
Richmond Community Schools, ransomware
121
30/09/2024
During September 2024
During September 2024
?
Roblox cheaters
Researchers at Imperva identify an ongoing malware campaign specifically targeting Roblox cheaters via malicious Python packages.
Malware
Arts entertainment, recreation
Cyber Crime
>1
Imperva, Roblox, Python
122
30/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2023-25280 D-Link DIR-820 Router OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2023-25280 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-25280, D-Link, DIR-820 Router, OS Command Injection, Known Exploited Vulnerabilities, KEV
123
30/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2020-15415 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2020-15415, DrayTek Multiple Vigor Routers, OS Command Injection, Known Exploited Vulnerabilities, KEV
124
30/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2021-4043 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2021-4043, Motion Spell GPAC, Null Pointer Dereference, Known Exploited Vulnerabilities, KEV
125
30/09/2024
–
–
?
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2019-0344 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-0344, SAP Commerce Cloud, Deserialization of Untrusted Data, Known Exploited Vulnerabilities, KEV
126
30/09/2024
Since at least November 2023
During November 2023
BlackCat
Undisclosed organization(s)
A new campaign distributes the BlackCat ransomware through the Nitrogen malware hosted on a website impersonating Advanced IP Scanner.
Ransomware
Unknown
Cyber Crime
Unknown
BlackCat, ransomware, Nitrogen, Advanced IP Scanner
127
30/09/2024
24/09/2024
24/09/2024
?
Rackspace
Rackspace tells customers that threat actors exploited a zero-day vulnerability in ScienceLogic, a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.
Vulnerability
Professional, scientific and technical
Cyber Crime
US
Rackspace, zero-day, ScienceLogic
128
30/09/2024
–
–
?
Users in France
Researchers at Gen discover a new ‘FakeUpdate’ campaign targeting users in France, leveraging compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor.
Malware
Individual
Cyber Crime
FR
Gen, ‘FakeUpdate’, WarmCookie
129
30/09/2024
–
–
?
Organization in the recruiting sector
Researchers at Trend Micro discover a spear-phishing email campaign targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications.
Malware
Administration and support service
Cyber Crime
Unknown
Trend Micro, JavaScript, More_eggs
130
30/09/2024
–
–
Pryx
Barbados Revenue Authority
230GB of records from the Barbados Revenue Authority, such as property tax records and vehicle owner’s registration records, are being offered for sale.