Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacking. Show all posts
Ukraine
Cyber Attacks Drone Hacking Russia Ukraine

Ukrainian Hackers Claim Major Cyberattack on Russian Drone Manufacturer



In an unsettling development in the ongoing cyber conflict linked to the Russia-Ukraine war, Ukrainian-aligned hacking groups have claimed responsibility for a large-scale cyberattack targeting a major Russian drone manufacturing company.

The targeted firm, identified as Gaskar Group, is believed to play a key role in supplying unmanned aerial vehicles (UAVs) to Russian forces. Two pro-Ukrainian hacker collectives, the BO Team and the Ukrainian Cyber Alliance, reportedly carried out the operation in collaboration with Ukraine’s military intelligence service.

The BO Team, a group known for supporting Ukraine through cyber operations, shared news of the breach on a Telegram channel on July 14. According to their statement, the team successfully gained full access to the internal network, servers, and data systems of the drone company. This breach reportedly allowed them to obtain sensitive technical details about existing and upcoming UAV models.

Following the infiltration, the hackers claimed they deleted a massive volume of data approximately 47 terabytes, which included 10 terabytes of backup files. They also say they disabled the company’s operational and support systems, potentially disrupting production and delaying the deployment of drones to the battlefield.

Ukrainian media sources have reported that Ukraine’s military intelligence has acknowledged the incident. In addition, some of the stolen data has allegedly been made public by the Ukrainian Cyber Alliance. These developments suggest that the cyberattack may have had a tangible impact on Russia’s drone supply chain.

While drone warfare has existed for years, the ongoing conflict has brought about a new level of reliance on smaller, low-cost drones for surveillance, attacks, and tactical missions. Both Ukraine and Russia have used these devices extensively on the frontlines, with drones proving to be a powerful asset in modern combat.

A March 2024 investigation by Reuters highlighted how drone use in Ukraine has grown to an unprecedented scale. First-person view (FPV) drones — often modified from commercial models have become especially important due to their low cost and versatility in hostile zones, where traditional aircraft are often vulnerable to air defense systems.

In June, drones were central to a Ukrainian strike known as "Operation Spiderweb," which reportedly resulted in major damage to Russian air assets.

In response to the latest incident, Gaskar Group has denied that the cyberattack caused serious damage. However, if the claims made by the hacking groups are proven true, the breach could significantly affect Russia’s ability to supply drones in the short term.

As cyber warfare continues to play a larger role in the ongoing conflict, incidents like these reflect how digital attacks are becoming just as critical as physical operations in today’s battles. 

Read more »
UK
Data Breach Hacking IntelBroker UK

UK Man Accused in Major International Hacking Case, Faces US Charges




A 25-year-old British citizen has been formally charged in the United States for allegedly leading an international hacking operation that caused millions in damages to individuals, companies, and public institutions.

Authorities in the US claim the man, identified as Kai West, was the person behind an online identity known as "IntelBroker." Between 2022 and 2025, West is accused of breaking into systems of more than 40 organizations and trying to sell sensitive data on underground online forums.

According to court documents, the financial impact of the operation is estimated to be around £18 million. If convicted of the most serious offense—wire fraud—West could face up to 20 years in prison.

Prosecutors believe that West worked with a group of 32 other hackers and also used the online alias “Kyle Northern.” While officials didn’t name the specific forum used, various sources suggest that the activity took place on BreachForums, a site often linked to the trade of stolen data.

Investigators say West posted nearly 160 threads offering stolen data for sale, often in exchange for money, digital credits, or even for free. His alleged victims include a healthcare provider, a telecom company, and an internet service provider—all based in the US. While official names were not disclosed in court, separate reports connect the IntelBroker identity to past breaches involving major companies and even government bodies.

One particularly concerning incident tied to the IntelBroker persona occurred in 2023, when a data leak reportedly exposed health and personal information of US lawmakers and their families. This included details such as social security numbers and home addresses.

Officials say they were able to trace West’s identity after an undercover operation led them to one of his cryptocurrency transactions. A $250 Bitcoin payment for stolen data allegedly helped link him to email addresses used in the operation.

West was arrested in France in February and remains in custody there. The United States is now seeking his extradition so he can stand trial.

The US Department of Justice has called this a “global cybercrime operation” and emphasized the scale of damage caused. FBI officials described West’s alleged activity as part of a long-running scheme aimed at profiting from illegally obtained data.

French authorities have also detained four other individuals in their twenties believed to be connected to the same forum, although no further details have been made public.

As of now, there has been no official response or legal representation comment from West’s side. 

Read more »
Ukraine
Hacking malware PathWiper Ukraine

New Malware Called ‘PathWiper’ Discovered in Ukraine Cyberattack

 



A new type of harmful computer program, known as ‘PathWiper,’ has recently been found during a cyberattack on an important organization in Ukraine. Security researchers from Cisco Talos reported this incident but did not reveal the name of the affected organization.

Experts believe the attackers are linked to a Russian hacking group that has been known to target Ukraine in the past. This discovery adds to the growing concerns about threats to Ukraine’s key systems and services.


How the Cyberattack Happened

According to the researchers, the hackers used a common tool that companies normally use to manage devices in their networks. The attackers seem to have learned exactly how this tool works within the victim’s system and took advantage of it to spread the malware across different computers.

Because the attack was carried out using this familiar software, it likely appeared as normal activity to the system’s security checks. This made the hackers’ movements harder to notice.


What Makes PathWiper Different

Malware that destroys files, known as “wiper” malware, has been used in Ukraine before. However, PathWiper works in a more advanced way than some of the older malware seen in past attacks.

In earlier cases, malware like HermeticWiper simply searched through storage drives in a straight list, going one by one. PathWiper, however, carefully scans all connected storage devices, including those that are currently not active. It also checks each device’s labels and records to make sure it is targeting the right ones.

In addition, PathWiper can find and attack shared drives connected over a network. It does this by looking into the system’s registry, an area where Windows computers store important system details to locate specific paths to these network drives.


Why This Is Serious

The way PathWiper is built shows that cyber attackers are continuing to create more advanced and more damaging tools. This malware’s ability to carefully search and destroy files across many connected devices makes it especially dangerous to organizations that provide essential services.

Even though the war between Russia and Ukraine has been going on for a long time, cyber threats like this are still growing and becoming more complex. Security experts are warning companies in Ukraine to be extra careful and make sure their protective systems are up to date.


Staying Careful and Updated

It is very important to keep track of new information about this malware. Companies often fix security problems quickly, and attackers may also change their methods. Writers and researchers covering such topics must carefully check for updates and confirm facts using reliable sources to avoid sharing old or incorrect details.

Cisco Talos is continuing to watch this situation and advises organizations to stay alert.

Read more »
threat
APT41 Attack Calendar Cybersecurity Detection Google Hacking malware phishing threat

APT41 Exploits Google Calendar in Stealthy Cyberattack; Google Shuts It Down

 

Chinese state-backed threat actor APT41 has been discovered leveraging Google Calendar as a command-and-control (C2) channel in a sophisticated cyber campaign, according to Google’s Threat Intelligence Group (TIG). The team has since dismantled the infrastructure and implemented defenses to block similar future exploits.

The campaign began with a previously breached government website — though TIG didn’t disclose how it was compromised — which hosted a ZIP archive. This file was distributed to targets via phishing emails.

Once downloaded, the archive revealed three components: an executable file and a dynamic-link library (DLL) disguised as image files, and a Windows shortcut (LNK) masquerading as a PDF. When users attempted to open the phony PDF, the shortcut activated the DLL, which then decrypted and launched a third file containing the actual malware, dubbed ToughProgress.

Upon execution, ToughProgress connected to Google Calendar to retrieve its instructions, embedded within event descriptions or hidden calendar events. The malware then exfiltrated stolen data by creating a zero-minute calendar event on May 30, embedding the encrypted information within the event's description field.

Google noted that the malware’s stealth — avoiding traditional file installation and using a legitimate Google service for communication — made it difficult for many security tools to detect.

To mitigate the threat, TIG crafted specific detection signatures, disabled the threat actor’s associated Workspace accounts and calendar entries, updated file recognition tools, and expanded its Safe Browsing blocklist to include malicious domains and URLs linked to the attack.

Several organizations were reportedly targeted. “In partnership with Mandiant Consulting, GTIG notified the compromised organizations,” Google stated. “We provided the notified organizations with a sample of TOUGHPROGRESS network traffic logs, and information about the threat actor, to aid with detection and incident response.”

Google did not disclose the exact number of impacted entities.
Read more »
Hacking
arrest Bangladesh Breach Court Cyber Security Data E-Commerce Evaly Fraud Hacking

Evaly Website Allegedly Hacked Amid Legal Turmoil, Hacker Threatens to Leak Customer Data

 

Evaly, the controversial e-commerce platform based in Bangladesh, appeared to fall victim to a cyberattack on 24 May 2025. Visitors to the site were met with a stark warning reportedly left by a hacker, claiming to have obtained the platform’s customer data and urging Evaly staff to make contact.

Displayed in bold capital letters, the message read: “HACKED, I HAVE ALL CUSTOMER DATA. EVALY STAFF PLEASE CONTACT 00watch@proton.me.” The post included a threat, stating, “OR ELSE I WILL RELEASE THIS DATA TO THE PUBLIC,” signaling the potential exposure of private user information if the hacker’s demand is ignored.

It remains unclear what specific data was accessed or whether sensitive financial or personal details were involved. So far, Evaly has not released any official statement addressing the breach or the nature of the compromised information.

This development comes on the heels of a fresh wave of legal action against Evaly and its leadership. On 13 April 2025, state-owned Bangladesh Sangbad Sangstha (BSS) reported that a Dhaka court handed down three-year prison sentences to Evaly’s managing director, Mohammad Rassel, and chairperson, Shamima Nasrin, in a fraud case.

Dhaka Metropolitan Magistrate M Misbah Ur Rahman delivered the judgment, which also included fines of BDT 5,000 each. The court issued arrest warrants for both executives following the ruling.

The case was filed by a customer, Md Rajib, who alleged that he paid BDT 12.37 lakh for five motorcycles that were never delivered. The transaction took place through Evaly’s website, which had gained attention for its deep discount offers and aggressive promotional tactics.
Read more »
Trojan
cryptocurrency Cyberattack Hacking malware printing Ransomware remoteaccess Security Software Trojan

Malware Discovered in Procolored Printer Software, Users Advised to Update Immediately

 

For at least six months, the official software bundled with Procolored printers reportedly included malicious code, including a remote access trojan (RAT) and a cryptocurrency-stealing malware.

Procolored, a Shenzhen-based manufacturer known for its affordable Direct-to-Film (DTF), UV DTF, UV, and Direct-to-Garment (DTG) printers, has built a strong reputation in the digital printing market. Since its founding in 2018, the company has expanded to over 31 countries and developed a considerable footprint in the United States.

The issue was first identified by Cameron Coward, a tech YouTuber behind the channel Serial Hobbyism. He was installing the driver and companion software for a $7,000 Procolored UV printer when his security tool flagged a threat: the Floxif USB worm.

After further investigation, cybersecurity firm G Data confirmed that malware was being distributed through Procolored’s official software packages—potentially impacting customers for over half a year.

Initially dismissed by Procolored as a “false positive,” Coward found that every time he attempted to download or unzip the printer software, his system immediately quarantined the files.

“If I try to download the files from their website or unzip the files on the USB drive they gave me, my computer immediately quarantines them,” said the YouTuber.

Coward turned to Reddit for support in analyzing the malware before publishing a critical review. G Data researcher Karsten Hahn responded and discovered that six printer models—F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro—came with software downloads hosted on Mega that were infected with malware.

Mega.nz is the file-sharing platform Procolored uses to distribute printer software via its official website.

Hahn found 39 infected files, including:

  • XRedRAT: A RAT with capabilities such as keylogging, taking screenshots, accessing the remote shell, and file manipulation. Its hardcoded command-and-control (C2) URLs were consistent with previously analyzed samples.
  • SnipVex: A newly identified clipper malware that infects .EXE files and hijacks Bitcoin addresses copied to the clipboard. This malware is believed to have compromised the developer’s machine or software build environment.

According to G Data, the SnipVex malware was used to steal around 9.308 BTC (worth nearly $1 million at current exchange rates).

Company Response and Security Measures

Though Procolored initially denied any wrongdoing, the compromised software was removed from its website on May 8, and the company launched an internal probe.

In communication with G Data, Procolored explained that the infected files had been uploaded via a USB drive possibly infected with the Floxif worm.

“As a precaution, all software has been temporarily removed from the Procolored official website,” explained Procolored to G Data.

“We are conducting a comprehensive malware scan of every file. Only after passing stringent virus and security checks will the software be re-uploaded.”

G Data later confirmed that the newly uploaded software packages are clean and safe to install.

Customers who previously downloaded Procolored software are urged to update to the new versions and perform a system scan to remove remnants of XRedRAT and SnipVex. Given the nature of SnipVex's binary tampering, experts recommend a thorough system cleaning.

In a comment to BleepingComputer, Procolored emphasized that all of its software has now been verified and is secure:

“Procolored confirms that its software is completely safe, clean, and has no connection whatsoever to any cryptocurrency-related incidents. All software packages have been thoroughly scanned and verified by third-party tools including VirusTotal and G Data, with no threats detected. Users can purchase and use Procolored products with complete confidence, as there is no risk of Bitcoin or other cryptocurrency theft linked to their software.”

“To further reassure customers, Procolored has provided third-party certifications and conducted strict technical checks to prove its software is secure.”

“In particular, the hash values of the key ‘PrintExp.exe’ file were verified and confirmed to match the official values published on Procolored’s website, proving the file is authentic, untampered, and free of any viruses or malware.”

“The company remains fully committed to customer care — no matter the issue, whether software or hardware, Procolored promises to resolve it to customer satisfaction, supported by their dedicated after-sales team and U.S.-based service resources.”


Read more »
Vulnerability
AI Cybersecurity Data Encryption Hacking Passwords penetration redteam SharePoint Vulnerabilities and Exploits Vulnerability

Pen Test Partners Uncovers Major Vulnerability in Microsoft Copilot AI for SharePoint

 

Pen Test Partners, a renowned cybersecurity and penetration testing firm, recently exposed a critical vulnerability in Microsoft’s Copilot AI for SharePoint. Known for simulating real-world hacking scenarios, the company’s redteam specialists investigate how systems can be breached just like skilled threatactors would attempt in real-time. With attackers increasingly leveraging AI, ethical hackers are now adopting similar methods—and the outcomes are raising eyebrows.

In a recent test, the Pen Test Partners team explored how Microsoft Copilot AI integrated into SharePoint could be manipulated. They encountered a significant issue when a seemingly secure encrypted spreadsheet was exposed—simply by instructing Copilot to retrieve it. Despite SharePoint’s robust access controls preventing file access through conventional means, the AI assistant was able to bypass those protections.

“The agent then successfully printed the contents,” said Jack Barradell-Johns, a red team security consultant at Pen Test Partners, “including the passwords allowing us to access the encrypted spreadsheet.”

This alarming outcome underlines the dual-nature of AI in informationsecurity—it can enhance defenses, but also inadvertently open doors to attackers if not properly governed.

Barradell-Johns further detailed the engagement, explaining how the red team encountered a file labeled passwords.txt, placed near the encrypted spreadsheet. When traditional methods failed due to browser-based restrictions, the hackers used their red team expertise and simply asked the Copilot AI agent to fetch it.

“Notably,” Barradell-Johns added, “in this case, all methods of opening the file in the browser had been restricted.”

Still, those download limitations were sidestepped. The AI agent output the full contents, including sensitive credentials, and allowed the team to easily copy the chat thread, revealing a potential weak point in AI-assisted collaborationtools.

This case serves as a powerful reminder: as AItools become more embedded in enterprise workflows, their securitytesting must evolve in step. It's not just about protecting the front door—it’s about teaching your digital assistant not to hold it open for strangers.

For those interested in the full technical breakdown, the complete Pen Test Partners report dives into the step-by-step methods used and broader securityimplications of Copilot’s current design.

Davey Winder reached out to Microsoft, and a spokesperson said:

“SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”

Further, Davey Winder then contacted Ken Munro, founder of Pen Test Partners, who issued the following statement addressing the points made in the one provided by Microsoft.

“Microsoft are technically correct about user permissions, but that’s not what we are exploiting here. They are also correct about logging, but again it comes down to configuration. In many cases, organisations aren’t typically logging the activities that we’re taking advantage of here. Having more granular user permissions would mitigate this, but in many organisations data on SharePoint isn’t as well managed as it could be. That’s exactly what we’re exploiting. These agents are enabled per user, based on licenses, and organisations we have spoken to do not always understand the implications of adding those licenses to their users.”
Read more »
Web3
Blockchain cryptocurrency Cyber Attacks CyberCrime Cybersecurity global threat Hacking IT workers North Korea Sanctions Web3

North Korea’s Global Cybercrime Network Uncovered: Fake IT Workers Funding Regime's Ambitions

 

A new report by cybersecurity firm DTEX has exposed how North Korea is operating a sophisticated international cybercrime network by embedding fake information technology workers within leading global corporations. These operatives, disguised as freelance developers, are channeling millions in stolen cryptocurrency to fund the reclusive nation’s military and weapons programs.

According to the report, North Korean agents are not driven by ideology but by a systemic need to survive. Trained from a young age, many are groomed to become covert cyber operatives or IT contractors. Two individuals, using the aliases “Naoki Murano” and “Jenson Collins,” were found residing in Russia and are believed to be involved in infiltrating Western companies. They’ve been linked to a $6 million cryptocurrency theft.

The regime operates through shadowy IT entities like Chinyong, which positions agents in countries like China, Laos, and Russia. These agents gain trust within blockchain and cryptocurrency projects, ultimately diverting digital assets back to Pyongyang. Since 2017, North Korea has reportedly funneled tens of millions of dollars through such schemes—prompting U.S. sanctions for financing weapons development (see: US Sanctions North Korean Entities for Sending Regime Funds).

The report states that North Korea’s cyber program has reached a pivotal stage, with its tactics becoming more aggressive and unpredictable. The regime now deploys techniques ranging from supply chain attacks to financial sector infiltration and even online propaganda. DTEX researchers noted that these operatives are so deeply integrated into major cryptocurrency and Web3 initiatives that, “it would seem that every other Web3 project has a North Korean on the payroll.”

“The threat of unintentionally hiring North Korean IT workers is larger than most people realize,” Kevin Mandia, founder and former CEO of Mandiant, said in a statement accompanying the report. “It's cover is global and active right now - which is why the industry and government need to work together to come up with solutions to counter the threat.”

The study also challenges the notion that North Korean cyber operatives follow rigid roles. Instead, many shift between missions, take on leadership responsibilities, and reuse false identities—suggesting a highly adaptive and fluid structure.

Past investigations have revealed that North Korean attacks on European tech firms were often facilitated by individuals operating from the U.S. and the U.K. An April report by Mandiant warned of increasing attempts by North Korean IT workers to secure positions in defense and government agencies, with U.S. businesses being their primary focus—even as operations grow across Europe (see: North Korean IT Scammers Targeting European Companies).

Michael Barnhart, the lead analyst behind the DTEX report, said his research is based on open-source intelligence, testimonies from defectors, blockchain forensics, and insights from Web3 infrastructure. He also leveraged proprietary datasets from unnamed partners to trace how North Korean agents shift money, access, and identities across borders.

“DPRK operatives are persistent,” Barnhart wrote, adding that North Korean cyber agents “do not take kindly to scrutiny” and “will try to uncover who is studying them and how.”
Read more »
Subscribe to: Posts (Atom)