The Snowflake accounts of Ticketmaster and other organizations are claimed to have been compromised by a ShinyHunters hacker through a breach of software engineering firm EPAM Systems, which supports a Mandiant report linking some of the breaches to hacks of third-party contractors, reports Wired.
Threat actors have exploited hacked legitimate websites to distribute the novel BadSpace backdoor to Windows machines, The Hacker News reports.
Indian government organizations have been subjected to a cyberespionage campaign by suspected Pakistan-based threat operation UTA0137, which targeted Linux systems with the DISGOMOJI malware that uses emojis for command-and-control communications via Discord, The Hacker News reports.
Malicious Android apps have been leveraged by suspected Hamas-linked threat operation Arid Viper — also known as APT-C-23, Grey Karkadann, Two-tailed Scorpion, Desert Falcon, and Mantis — to facilitate the deployment of the AridSpy spyware as part of five mobile espionage campaigns, three of which remain active, The Hacker News reports.
Organizations and individuals in the government, defense, and technology sectors across India have been targeted by Pakistan-linked threat group Cosmic Leopard, also known as SpaceCobra, in attacks with the GravityRAT Android malware and HeavyLift Windows malware loader as part of Operation Celestial Force, which has been ongoing since 2018, reports The Hacker News.
BleepingComputer reports that threat actors have launched phishing campaigns involving phony job and recruitment offers to facilitate the spread of the new advanced Warmcookie malware that enables screenshot capturing, machine fingerprinting, and further payload delivery on Windows machines.