Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Theft. Show all posts
Sensitive data
Cyber Attacks Data Leak data security Data Theft Hacker attack Indian Cyber Security Pakistan Hacker Personal Data Sensitive data

Pakistan-Based Hackers Launch Cyber Attack on Indian Defence Websites, Claim Access to Sensitive Data

 

In a concerning escalation of cyber hostilities, a Pakistan-based threat group known as the Pakistan Cyber Force launched a coordinated cyber offensive on multiple Indian defence-related websites on Monday. The group claimed responsibility for defacing the official site of a Ministry of Defence public sector undertaking (PSU) and asserted that it had gained unauthorized access to sensitive information belonging to Indian defence personnel. According to reports, the targeted websites included those of the Military Engineering Service (MES) and the Manohar Parrikar Institute of Defence Studies and Analyses (MP-IDSA), both critical components in India’s defence research and infrastructure network. 

The group’s social media posts alleged that it had exfiltrated login credentials and personal data associated with defence personnel. One particularly alarming development was the defacement of the official website of Armoured Vehicle Nigam Limited (AVNL), a key PSU under the Ministry of Defence. The hackers replaced the homepage with the Pakistani flag and an image of the Al Khalid tank, a symbol of Pakistan’s military capabilities. A message reportedly posted on social platform X read, “Hacked. Your security is illusion. MES data owned,” followed by a list of names allegedly linked to Indian defence staff. 

Sources quoted by ANI indicated that there is a credible concern that personal data of military personnel may have been compromised during the breach. In response, authorities promptly took the AVNL website offline to prevent further exploitation and launched a full-scale forensic audit to assess the scope of the intrusion and restore digital integrity. Cybersecurity experts are currently monitoring for further signs of intrusion, especially in light of repeated cyber threats and defacement attempts linked to Pakistani-sponsored groups. 

The ongoing tensions between the two countries have only heightened the frequency and severity of such state-aligned cyber operations. This latest attack follows a pattern of provocative cyber incidents, with Pakistani hacker groups increasingly targeting sensitive Indian assets in attempts to undermine national security and sow discord. Intelligence sources are treating the incident as part of a broader information warfare campaign and have emphasized the need for heightened vigilance and improved cyber defense strategies. 

Authorities continue to investigate the breach while urging government departments and defense agencies to reinforce their cybersecurity posture amid rising digital threats in the region.
Read more »
Ransomwares
Cyber Attacks data security Data Theft Hacker attack Pharmaceutical Firms Ransom Demand Ransomware attack Ransomwares

Pune-Based Biopharma Company Hit by Ransomware Attack, Hackers Demand $80,000

 

A multinational biopharmaceutical company based in Pune has fallen victim to a sophisticated ransomware attack, with cybercriminals encrypting vital data and demanding $80,000 (over Rs 68 lakh) for its release. The attackers have also threatened to leak the stolen proprietary data on the dark web if the ransom is not paid, according to local police authorities. 

The incident came to light when a senior executive from the company’s Pune office lodged a complaint at the Cyber Crime Police Station of Pimpri Chinchwad on Monday evening. The attack was first identified on Sunday afternoon, prompting immediate concern due to the sensitivity of the data involved. According to initial investigations by cybercrime officials, the breach is believed to have occurred through a compromised endpoint device—most likely via a phishing email containing a malicious link. 

Once the attackers gained access to the internal network, they deployed ransomware to the company’s main server and extended it to more than a dozen connected servers. Sensitive data, including proprietary pharmaceutical formulations, manufacturing protocols, and confidential business documents, was then encrypted and locked. 

“A preliminary probe suggests that vulnerabilities in the company’s cybersecurity setup allowed the attackers to infiltrate its systems,” an officer from the Cyber Police Station said. “Unfortunately, a significant portion of the critical data was not backed up offline, leaving the organization exposed to potential data loss if the ransom is not paid.” The hackers have made it clear that if their ransom demand of $80,000 is not met, the stolen data will be sold on the dark web. 

So far, the company has not paid the ransom, and authorities are currently analyzing IP logs and other digital evidence to trace the origin of the attack. Cybercrime investigators have urged all businesses to strengthen their cybersecurity measures, including regularly backing up data offline, updating firewall configurations, and educating employees about phishing threats. “This incident is a wake-up call for organizations to prioritize robust digital security,” the officer added.  

Deputy Commissioner of Police (Crime) Sandeep Doiphode emphasized the growing need for enterprises to invest in both technology and skilled cybersecurity personnel. “This case underlines the urgent necessity for companies to stay ahead of evolving threats through both infrastructure and human resource development,” he said. Police also noted that ransomware attacks typically use phishing emails and exploit weak security protocols. Payments are often demanded in cryptocurrency, making the attackers harder to trace. 

The investigation remains ongoing.
Read more »
Sensitive Data Leak
cyber attack Cyber Warfare Cybersecurity Data Breach Data Theft Hacker attack Information Security Personal Data Breach Sensitive Data Leak

Jammu Municipal Corporation Targeted in Major Cyberattack, Sensitive Data Allegedly Stolen

 

In a significant breach of digital infrastructure, the Jammu Municipal Corporation (JMC) has fallen victim to a cyberattack believed to have resulted in the loss of vast amounts of sensitive data. According to high-level intelligence sources, the attackers managed to compromise the website, gaining access to critical records and databases that may include personally identifiable information such as Aadhaar numbers, property ownership documents, tax filings, infrastructure blueprints, and internal administrative communications.  

The breach, which occurred on Friday, has prompted an immediate investigation and system lockdown as cybersecurity teams race to contain the damage and begin recovery operations. Officials involved in the incident response have confirmed that website functionality has been suspended as data restoration processes are initiated. Top intelligence sources indicate that the attack bears hallmarks of Pakistan-sponsored cyber operations aimed at undermining India’s administrative framework. “These tactics are consistent with state-backed cyber warfare efforts targeting strategic and sensitive zones like Jammu and Kashmir,” said a senior intelligence official.

“The objective is often to destabilize public services and spread fear among the populace.” The JMC’s website is a key platform used to manage municipal services, property taxes, and local development projects. Its compromise has raised concerns about the broader implications for civic governance and the potential misuse of the stolen data.  

This latest breach follows a series of unsuccessful but alarming hacking attempts by groups linked to Pakistan. Just a day before the JMC attack, hacker collectives such as ‘Cyber Group HOAX1337’ and ‘National Cyber Crew’ reportedly targeted several Indian websites. Cybersecurity teams were able to detect and neutralize these threats before they could cause any major disruption. Among the recent targets were the websites of Army Public School Nagrota and Army Public School Sunjuwan. These were reportedly subjected to defacement attempts featuring inflammatory messages referencing the victims of the Pahalgam terror attack. 

In another incident, a portal catering to the healthcare needs of retired armed forces personnel was compromised and vandalized. Cybersecurity experts warn that such attacks often aim to disrupt not only public trust but also national morale. The recurring pattern of targeting vulnerable groups—such as schoolchildren and elderly veterans—further emphasizes the psychological warfare tactics employed by these groups. 

As recovery efforts continue, the Indian government is likely to review its cybersecurity protocols across public sector systems, especially in high-risk regions. Enhanced defense measures and greater inter-agency coordination are expected to follow. The investigation remains ongoing, and further updates are expected in the coming days.
Read more »
Remote Access Trojan
Data Breach data security Data Theft Fake Documents Fake PDF Info Stealer Malware Attack Malware Trojan Malwares Remote Access Trojan

Malware Hides in Fake PDF to DOCX Converters to Target Crypto Wallets and Steal Data

 

Cybercriminals have launched a deceptive malware campaign that disguises itself as online file converters, specifically targeting users searching for PDF to DOCX tools. This scheme uses convincing replicas of popular converter sites to execute hidden PowerShell scripts and deploy a Remote Access Trojan designed to steal sensitive data, including cryptocurrency wallets and browser credentials. 

Security researchers at CloudSEK investigated the threat following an FBI warning issued last month. They discovered that attackers are using a malware variant called Arechclient2, derived from the known info-stealing family SectopRAT. The campaign works by luring unsuspecting users to malicious websites that impersonate legitimate services like PDFCandy. These fake platforms feature realistic user interfaces, including loading indicators and CAPTCHA forms, to establish trust before delivering the malware. When a user attempts to convert a file, they are redirected multiple times before receiving a ZIP archive named “adobe.zip.” Inside the archive is the malicious payload, which installs the Arechclient2 Remote Access Trojan. 

This malware, active since 2019, is capable of scanning for browser-saved credentials, cryptocurrency wallet seed phrases, and even tapping into decentralized finance tools via Web3 APIs. Stephen Ajayi, Technical Lead at Hacken’s Dapp Audit division, explained that the malware not only lifts crypto wallet details but also enables attackers to “ghost-drain” assets after a transaction approval—making it especially dangerous for Web3 users. CloudSEK advises users to avoid downloading tools from unofficial or unverified sites, particularly free online file converters. Instead, they recommend trusted offline software or tools from official sources. 

They also warn that malicious files often disguise themselves using harmless-looking extensions, so users should inspect file types carefully and use reliable antivirus or endpoint detection software. Ajayi emphasized the importance of a proactive security mindset. “In cybersecurity, trust should be earned. Assume nothing is safe by default,” he said. He advised crypto users and general web users alike to adopt a zero-trust approach, keep their security tools updated, and monitor systems for unusual activity such as rogue msbuild.exe processes. 

As threats like these evolve, staying vigilant, maintaining strong security protocols, and preparing for worst-case scenarios are critical steps for avoiding compromise. Regular training and a well-tested incident response plan remain key defenses against such deceptive but damaging attacks.
Read more »
Ransomwares
Cyber Attacks cybercrime group cybercriminals data security Data Theft DOGE Dogecoin Elon Musk Ransom Demand Ransomware attack Ransomwares

Cybercriminals Behind DOGE Big Balls Ransomware Demand $1 Trillion, Troll Elon Musk

 

A cybercrime group notorious for its outrageous tactics has resurfaced with a ransomware attack demanding an unbelievable $1 trillion from its victims. The group, responsible for the DOGE Big Balls ransomware campaign, has updated its ransom demands with bizarre references to Elon Musk and the Dogecoin meme culture, blending humor with a highly dangerous threat.  

According to a report by Trend Micro researchers Nathaniel Morales and Sarah Pearl Camiling, the attackers are leveraging a modified form of the FOG ransomware to carry out these intrusions. The malware exploits a long-known Windows vulnerability (CVE-2015-2291) through a multi-step PowerShell script that allows deep access into infected systems. Delivered via deceptive shortcut files inside ZIP folders, the malware initiates a chain reaction to execute its payload. Though the ransom note may appear comical—mocking Musk’s past corporate directives and making false claims about stealing “trilatitude and trilongitude” coordinates—the security community warns against taking this threat lightly. 

The ransomware performs environment checks to avoid detection, analyzing machine specs, RAM, and registry entries to detect if it’s being run in a sandbox. If any signs of monitoring are detected, the malware will exit silently. The FBI, in its April 2025 Internet Crime Report, highlighted ransomware—particularly FOG variants—as a dominant threat, impacting critical infrastructure and organizations across the U.S. The report revealed over 100 known FOG ransomware infections between January and March 2025, making it the most reported strain of the year thus far. Beyond encryption, the malware also exfiltrates sensitive data and pressures victims to communicate via the Tor network for instructions. 

The attackers claim stolen files and urge victims not to involve law enforcement, adding a “don’t snitch now” line in their taunting ransom message. Despite its absurd tone, security leaders emphasize the seriousness of the attack. Dr. Ilia Kolochenko, CEO of ImmuniWeb, cautions that many victims discreetly pay ransoms to groups known for not leaking data—urging companies to seek legal and cybersecurity advice before making decisions. 

Although the group hides behind memes and internet jokes, their ability to cause significant operational and financial disruption is very real. Their humor might distract, but the threat demands urgent attention.
Read more »
Ransomware
Data Theft Hunters International malware Ransomware

Cybercrime Group Changes Plans: Drops Ransomware, Focuses on Data Theft

 



A cybercriminal group known for ransomware attacks has decided to stop using those methods and instead focus only on stealing information and demanding money in return. The group, called Hunters International, has rebranded and is now running a new operation.

This group had earlier announced in November 2024 that it would stop its activities. They claimed it was because of low profits and growing attention from police and other authorities. But cybersecurity experts discovered that the group didn’t actually stop – they just changed their approach.

Now, under a new name, World Leaks, the group has returned. Instead of locking people’s files and asking for payment to unlock them, they now secretly steal private data from computers and threaten to release it online unless they’re paid.

According to cybersecurity researchers at Group-IB, the people working with this group are being given a special tool. This software helps them quickly and quietly copy important files from an organization’s systems. It’s believed to be a newer version of a tool they’ve used in the past.

In their earlier version, Hunters International combined two actions: they locked systems (ransomware) and demanded money, and also stole data. But now, they are only stealing data and skipping the system lockout part, which brings less risk and may be harder for authorities to detect.

Hunters International first appeared in late 2023 and was suspected to be connected to an older cyber gang called Hive. Their malware could attack many types of computer systems, including those used by businesses, governments, and servers for virtual machines.

Since then, the group has been behind over 280 attacks on organizations across the globe. They’ve gone after major companies, government bodies, hospitals, and even defense-related firms. In one serious case, they threatened to release personal health records of over 800,000 patients if they weren’t paid.

The group has been targeting companies of all sizes. Experts have seen ransom demands vary, sometimes reaching millions, depending on how large or important the organization is.

Experts say that this shift shows how cybercriminals are always changing tactics to stay ahead. With ransomware becoming riskier and less profitable, many groups may now turn to stealing data as their main method.

To stay safe, organizations should improve their security systems, watch for unusual access, and take steps to protect sensitive data before it’s too late.


Read more »
trending news
cybersecurity news Data Theft malware trending news

ToddyCat Hackers Exploit ESET Vulnerability to Deploy Stealth Malware TCESB

 

A cyber-espionage group known as ToddyCat, believed to have ties to China, has been observed exploiting a security flaw in ESET’s software to deliver a new and previously undocumented malware strain called TCESB, according to fresh findings by cybersecurity firm Kaspersky. The flaw, tracked as CVE-2024-11859, existed in ESET’s Command Line Scanner. 

It improperly prioritized the current working directory when searching for the Windows system file “version.dll,” making it possible for attackers to substitute a malicious version of the file and gain control of the software’s behavior through a method known as DLL Search Order Hijacking. 

ESET has since released security updates in January 2025 to correct the issue, noting that attackers would still require administrative privileges to take advantage of the bug.  
Kaspersky’s research linked this technique to ToddyCat activity discovered in early 2024, where the suspicious “version.dll” file was planted in temporary directories on compromised systems. TCESB, the malware delivered via this method, had not been linked to the group before. It is engineered to evade monitoring tools and security defenses by executing payloads discreetly. 

TCESB is based on a modified version of the open-source tool EDRSandBlast, designed to tamper with low-level Windows kernel structures. It specifically targets mechanisms used by security solutions to track system events, effectively blinding them to malicious activity. To perform these actions, TCESB employs a Bring Your Own Vulnerable Driver (BYOVD) tactic, installing an outdated Dell driver (DBUtilDrv2.sys) that contains a known vulnerability (CVE-2021-36276). 

This method grants the malware elevated access to the system, enabling it to bypass protections and alter kernel processes. Similar drivers have been misused in the past, notably by other threat actors like the North Korea-linked Lazarus Group. Once the vulnerable driver is active, TCESB runs a loop that monitors for a payload file with a specific name. 

When the file appears, it is decrypted using AES-128 encryption and executed immediately. However, the payloads themselves were not recovered during analysis. Security analysts recommend that organizations remain vigilant by tracking the installation of drivers with known weaknesses and watching for kernel-level activity that shouldn’t typically occur, especially in environments not configured for debugging. The discovery further highlights ToddyCat’s ability to adapt and refine its tools. 

The group has been active since at least 2020, frequently targeting entities in the Asia-Pacific region with long-term, data-driven attacks.
Read more »
Smishing attack
cyber attack Data Theft News Smishing attack

Smishing Surge Expected in 2025 Driven by Sophisticated Phishing-as-a-Service Platform

Security researchers are sounding the alarm on a looming global wave of smishing attacks, warning that a powerful phishing-as-a-service (PhaaS) platform named Lucid—run by Chinese-speaking threat actors—is enabling cybercriminals to scale operations across 88 countries. 

According to threat intelligence firm Catalyst, Lucid has evolved from local-level operations into a globally disruptive tool, with a sharp increase in activity anticipated by early 2025. The platform allows attackers to send malicious links via Apple iMessage and Android’s Rich Communication Services, bypassing traditional telecom network filters. It also features a credit card validator, helping criminals confirm stolen financial information in real time. 

Lucid’s architecture offers an automated, subscription-based model that supports customizable phishing campaigns, leveraging anti-detection strategies like IP blocking, user-agent filtering, and time-limited URLs to avoid scrutiny. Threat actors using Lucid are increasingly impersonating trusted entities—such as government agencies, postal services, and toll collection services—to deceive victims and steal sensitive data. 

The U.S. has been hit particularly hard, with smishing scams prompting alerts from the FBI, FTC, state governments, and attorneys general. What sets Lucid apart is its efficiency and scale: researchers say it can send over 100,000 phishing messages per day. Its structure includes roles ranging from administrators to guest users, with weekly licensing options and automatic suspensions for non-renewal. 

These campaigns are notably effective, with a reported success rate of 5%. By operating over the internet and using device fingerprinting and geo-targeted phishing pages, Lucid boosts its reach while staying under the radar. 

It sources phone numbers through data breaches, OSINT, and darknet markets, making it one of the most sophisticated PhaaS platforms today—alongside others like Darcula and Lighthouse. As cybercriminals continue to embrace this plug-and-play model, experts fear smishing will become an even more pervasive threat in the months ahead.
Read more »
Subscribe to: Posts (Atom)