January 2024: Regions and Industries at Risk


Welcome to Picus Security's monthly cyber threat intelligence roundup! 

Each month, we aim to provide a comprehensive yet digestible analysis of the evolving threat landscape, including insights into the most targeted and at-risk sectors, industries, and regions by cybercriminals in the wild.

Our research is conducted throughout the entire month, utilizing a diverse range of resources that span across threat intelligence and malware dump platforms, blogs, exploit databases, sandboxes, and network data query results. We draw upon this wealth of information to provide you with a holistic understanding of the cyber threat environment, with a particular focus on dissecting malware campaigns, attack campaigns conducted by threat actors and advanced persistent threat (APT) groups, and new malware samples observed in the wild.

By following our monthly threat report, you'll be able to ascertain which threat actors or malware could potentially impact your sector, gauge if your country is being specifically targeted, and understand if there is a surge in threat activity correlated with geopolitical events or state-backed actions. 


Top Four Most Targeted Regions in January

January 2024 witnessed a sharp rise in cyberattacks around the world, highlighting the urgent need for better cybersecurity defenses. Below, we detail the specific threat actors and malware campaigns that have targeted various regions, including 

  1. North America, 

  2. Europe, 

  3. the Middle East, 

  4. East Asia.

We also list the organizations that were impacted by these attacks, along with the relevant sources for this information.

North America (U.S.) Cyber Incidents in January 

In January 2024, the United States became the focal point for an array of cyber threats, with attackers targeting a wide spectrum of sectors, emphasizing the nation's vulnerability. 

Threat Actors & Attack Campaigns: SiegedSec Hacker Group [1], NoName Ransomware Group [2], Medusa Ransomware Group [3], Midnight Blizzard [4], LockBit Ransomware Group ([5], [6]), BlackCat/ALPHV Ransomware Gang [7], BlackBasta Ransomware Group [8], Hunters Ransomware Group [9], UTA0178 (with alias UNC5221) [10], Mint Sandstorm APT (with aliases APT35, Charming Kitten, PHOSPHORUS) [11], UNC3886 [12], COLDRIVER [13], BianLian Ransomware Group [14], Volt Typhoon APT [15], Lulzsec Hacktivist Group [16], Akira Ransomware Group [17], IntelBroker Hacker Group

Malware & Tools: MediaPl, MischiefTut, NirCmd, Persistence.vbs [11], VirtualPita and VirtualPie backdoors [12], Spica Malware [13], Androxgh0st Malware [18], Phemedrone Malware [19], Mimic Ransomware [20]

Table 1. North America as the Most Targeted Region by Threat Actors

The SiegedSec hacker group's "Leaksmas" event [1], which disclosed 50 million records, including data from significant entities like Movistar and the Idaho National Labs, illustrates the broad impact of data breaches. Concurrently, the NoName ransomware group [2] and Medusa ransomware group [3] launched attacks against sectors such as banking, with victims like PrivatBank 24, and public transportation, notably the Kansas City Area Transportation Authority, respectively. These incidents underline the dire consequences of ransomware attacks on critical infrastructure and financial stability.

Equally alarming, the LockBit ransomware group's ([5], [6]) dual attacks on EquiLend and the global fast-food chain Subway reveal a disturbing trend of targeting financial services and the food industry, threatening not only operational continuity but also customer data integrity. State-sponsored activities, such as those by Midnight Blizzard [4] and Volt Typhoon APT [15], further complicated the threat landscape by breaching Microsoft's email systems and exploiting vulnerabilities in Cisco routers, signaling a sophisticated espionage agenda against corporate and governmental networks. The healthcare and education sectors were not spared. The BianLian ransomware group [14] targeted Northeast Spine and Sports Medicine, while the Akira ransomware group [17] compromised data from Van Buren Public School in Michigan. This showcases the indiscriminate nature of cyber threats across various domains.

The breadth of these attacks, spanning sectors from healthcare, education, finance, technology, to critical infrastructure, highlights the multifaceted cyber threat landscape in the U.S. This wave of cyber threats in January 2024 underscores the pressing need for enhanced cybersecurity measures across all sectors to protect against the ever-evolving and sophisticated tactics employed by threat actors targeting the United States.

Europe Cyber Incidents in January 2024

In January 2024, Europe faced a complex cybersecurity threat landscape, with entities across various sectors falling prey to sophisticated cyberattacks.

Threat Actors & Attack Campaigns: NoName Ransomware Group [2], BlackBasta Ransomware Group [8], COLDRIVER ([13], [21]), Mint Sandstorm APT (with aliases APT35, Charming Kitten, PHOSPHORUS) [11], UTA0178 (with alias UNC5221) [10], Mimic Ransomware [20], Akira Ransomware Group [22], Blackwood APT [23], Slug Ransomware Group [24], LockBit Ransomware Group ([25], [26]), Anonymous Sudan Hacktivist Group [27], Medusa Locker Ransomware [28], Cactus Ransomware Group [29]

Malware & Tools: Spica Malware [13], GIFTEDVISITOR Webshell, ZIPLINE Backdoor, WARPWIRE Credential Harvester, THINSPOOL Shell-script Dropper, LIGHTWIRE Webshell ([10], [30]), Mimic Ransomware [20], NSPX30 Backdoor [23]

The NoName ransomware group [2] targeted financial and technology firms across Ukraine, Finland, and other parts of Europe, including PrivatBank 24 and Credit Agricole Bank, highlighting the persistent risk to the financial sector. Meanwhile, the Akira ransomware group's [22] attack on British cosmetics company Lush, resulting in the theft of 110 GB of sensitive data, underscores the vulnerability of the retail sector to data breaches involving personal and financial information.

The Blackwood APT group [23], associated with China, demonstrated the ongoing threat of cyberespionage with its use of the NSPX30 backdoor [23] to target entities in the UK, among other countries, emphasizing the cybersecurity challenges faced by educational and manufacturing sectors. Additionally, the Black Basta ransomware's [8] attacks on water companies, such as Southern Water in the UK, reveal the critical infrastructure's susceptibility to ransomware, impacting operational capabilities and risking sensitive customer data.

The LockBit ransomware group ([25], [26]) expanded its list of victims to include organizations across Germany, Belgium, and other European countries, targeting sectors from health and wellness to public housing and automotive services, showcasing the wide-reaching impact of ransomware across various industries. Russia's ColdRiver APT's ([13], [21]) evolution from spear-phishing to deploying custom malware like Spica [13] in its cyberespionage campaigns further illustrates the sophisticated tactics employed by state-sponsored actors targeting Europe, focusing on government, military, and NGO sectors for intelligence gathering. The Medusa Locker ransomware's [28] attack on Water for People, a non-profit organization, highlights the increasing threat to the nonprofit sector, demonstrating that cybercriminals do not discriminate by sector or size when it comes to their targets.

These incidents collectively paint a picture of a highly diversified threat landscape in Europe, with financial institutions, retail companies, critical infrastructure, non-profit organizations, and sectors involving national security all facing significant cybersecurity threats. This situation underscores the need for robust cybersecurity measures and international cooperation to mitigate the risks posed by both criminal and state-sponsored cyber activities.

East Asia Cyber Incidents in January 2024

In East Asia, January 2024 saw a surge in sophisticated cyber threats, highlighting the region's critical role in the global cybersecurity landscape.

Threat Actors & Attack Campaigns: Blackwood APT [23], BlackBasta Ransomware Group [33], ScarCruft APT [34], LockBit Ransomware Group [25], UTA0178 (with alias UNC5221) [35]

Malware & Tools: NSPX30 Backdoor [23], LODEINFO Malware [36], GIFTEDVISITOR Webshell [35], Remcos RAT [37], ThinSpool, LightWire, WireFire, WarpWire, ZipLine [38]

The deployment of Remcos RAT [37] in South Korea, through deceptive means involving webhards and adult-themed game files, showcases innovative tactics by cybercriminals to infiltrate and control systems for data theft and surveillance.

UTA0178's [35] exploitation of Ivanti Connect Secure VPN devices using the GIFTEDVISITOR [35] webshell, likely linked to China, underscores the strategic cyber espionage efforts targeting the region. This campaign, along with the use of malware families like ThinSpool and LightWire [38], signifies a focused attempt to penetrate high-value targets across East Asia for espionage.

The evolution of LODEINFO malware [36], attributed to Chinese actor Stone Panda (APT10), against Japanese political targets, and the BlackBasta ransomware group's [33] claims against companies like Southern Water and Asahi Glass Co., further illustrate the diverse and persistent cyber threats in East Asia. These incidents, ranging from ransomware to targeted espionage, highlight the sophisticated nature of attacks that entities in the region face.

Moreover, the North Korean ScarCruft APT's [34] phishing campaigns against cybersecurity experts, aiming to steal non-public intelligence, reveal the strategic depth and focus of regional cyber espionage activities. These varied cyber incidents underscore the multifaceted cybersecurity challenges in East Asia, emphasizing the need for heightened security measures and vigilance across sectors.

Middle East Cyber Incidents in January 2024

In the Middle East, cybersecurity threats have become increasingly sophisticated, with significant incidents underscoring the region's strategic geopolitical importance.

Threat Actors & Attack Campaigns: Mint Sandstorm APT (with alias Charming Kitten) [31], Anonymous Sudan and Muddy Water APT Groups [32], UTA0178 (with alias UNC5221) [35]

Malware & Tools: MediaPl Backdoor, MischiefTut PowerShell Backdoor [31], GIFTEDVISITOR Webshell [35]

The UTA0178 group [35], likely linked to China, exploited vulnerabilities in Ivanti Connect Secure VPN devices, potentially affecting thousands of systems. This campaign, identified through the use of the GIFTEDVISITOR [35] webshell and the exploitation of two zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887), highlights the strategic targeting of critical infrastructure and government agencies for espionage purposes. The attackers aimed to gain access to internal networks for data theft, demonstrating the high stakes of cybersecurity in the region. The involvement of over 7,000 internet-exposed instances, primarily in the United States, Japan, and Europe, alongside the Middle East, emphasizes the global implications of these vulnerabilities.

Simultaneously, the Mint Sandstorm APT [31], aligned with Iranian state interests and also known as Charming Kitten, has been targeting experts on Middle Eastern affairs, particularly those with insights into the Israel-Hamas conflict. This campaign leverages sophisticated social engineering tactics, masquerading as journalists to deploy novel backdoor malware like MediaPl and MischiefTut [31]. These tools facilitate espionage activities, showcasing the operationally mature capabilities of Mint Sandstorm in conducting cyber espionage aligned with Tehran's objectives. The focus on "high-profile" individuals across several countries, including Belgium, France, Gaza, Israel, the United Kingdom, and the United States, underscores the geopolitical motivations behind these cyberattacks and the broad reach of state-aligned threat actors in the Middle East.

These incidents illustrate the multifaceted nature of cybersecurity threats in the Middle East, where geopolitical tensions often translate into sophisticated cyber espionage campaigns. The targeting of critical infrastructure, government agencies, and individuals with strategic knowledge of regional affairs highlights the need for robust cybersecurity defenses and international cooperation to mitigate the risks posed by these and other sophisticated threat actors in the region.

Top Five Most Targeted Sectors in January 2024

In this section, we will list the most targeted sectors: 

  1. Technology, 

  2. Government and Administration, 

  3. Finance, and

  4. Education.

For each sector, we will provide the corresponding threat actors and APT (Advanced Persistent Threat) groups, as well as their malware campaigns.

Technology: A Prime Sector for Cyberattackers in January 2024

In January 2024, the technology sector witnessed a marked escalation in cyber threats, characterized by a wide range of sophisticated cyber attacks. 

Threat Actors & Attack Campaigns: Midnight Blizzard (with aliases Nobelium, APT29, Cozy Bear) [4], UTA0178 (with alias UNC5221) [10], UNC3886 [12], COLDRIVER [13], LockBit Ransomware Group [46], Anonymous Sudan and Muddy Water APT Groups [32], Killnet 2.0 Hacker Group [42]

Malware & Tools: VirtualPita and VirtualPie backdoors [12], Spica Malware [13], Androxgh0st Malware [18], GIFTEDVISITOR Webshell, ZIPLINE Backdoor, WARPWIRE Credential Harvester, THINSPOOL Shell-script Dropper, LIGHTWIRE Webshell ([10], [30]), Phemedrone Malware [19], Mimic Ransomware [20], ThinSpool, LightWire, WireFire, WarpWire, ZipLine [38], MetaStealer Malware [42]

The sector faced challenges from state-sponsored groups like Midnight Blizzard [4], known for its breach of Microsoft's cloud-based email system, and UTA0178 [10], which exploited Ivanti Connect Secure and Ivanti Policy Secure products' vulnerabilities. These incidents highlight the strategic targeting of technology infrastructure for espionage and data theft.

The LockBit ransomware group's attack on Foxsemicon Integrated Technology, a subsidiary of Foxconn, and the deployment of various malware tools like the GIFTEDVISITOR webshell and ZIPLINE Backdoor across different entities ([10], [30]), underscore the persistent threat of ransomware and the constant risk of sensitive data breaches within the technology sector. Additionally, the UNC3886 group's [12] exploitation of a critical vCenter Server vulnerability further illustrates the sector's vulnerability to cyber espionage, especially from groups with the capability to exploit zero-day vulnerabilities for extended periods.

Furthermore, the technology sector also faced threats from decentralized hacker collectives like Killnet 2.0 [42], demonstrating the evolving landscape of cyber threats where traditional hierarchical structures are abandoned for more elusive and distributed approaches to cyber warfare. The sector's challenges were compounded by groups like Anonymous Sudan and Muddy Water APT [32], which targeted telecommunications providers, reflecting the broad spectrum of cyber threats from data theft to service disruption aimed at espionage or geopolitical motivations.

These incidents collectively portray a technology sector under siege from a variety of sophisticated cyber threats. From ransomware attacks compromising major manufacturing entities to state-sponsored espionage targeting critical infrastructure and software vulnerabilities, the sector's wide-ranging challenges necessitate robust cybersecurity defenses and proactive measures to mitigate these risks and protect sensitive information and essential services.

Government and Administration: January's Second Most Targeted in Cybersecurity Breaches

In January 2024, the government sector globally faced a significant surge in cyber threats, showcasing the strategic targeting of government infrastructure and services by a variety of sophisticated threat actors. These attacks ranged from ransomware campaigns to data breaches, emphasizing the critical vulnerabilities within governmental digital infrastructure.

Threat Actors & Attack Campaigns: Medusa Ransomware [3], UTA0178 (with alias UNC5221) [10], Midnight Blizzard [39], Phoenix Hacking Group [40], ColdRiver APT [41], SiegedSec Hacker Group [1]

Malware & Tools: GIFTEDVISITOR Webshell, ZIPLINE Backdoor, WARPWIRE Credential Harvester, THINSPOOL Shell-script Dropper, LIGHTWIRE Webshell ([10], [30]), Spica Malware [41]

The Medusa ransomware group's [3] attack on the Kansas City Area Transportation Authority (KCATA) serves as a stark example of how ransomware can disrupt essential public services. This incident not only paralyzed communication systems but also raised alarms about the potential theft of sensitive user data, illustrating the broader implications of such attacks on public trust and service delivery. The claim by this ransomware group to have compromised sensitive data further highlights the ongoing risks of ransomware attacks against government-related entities.

Additionally, the SiegedSec hacker group's [1] orchestration of the "Leaksmas" event, resulting in the release of 50 million records, including data from government agencies like the Idaho National Labs, underscores the severe impact of data breaches. This widespread dissemination of sensitive personal and financial information across multiple countries reflects the global scale and reach of cyber threats targeting the government sector. The involvement of government agencies in these breaches points to the critical need for enhanced cybersecurity measures and digital identity protection strategies to mitigate the risks of identity theft and financial fraud.

These incidents, along with targeted campaigns by other actors like UTA0178 [10] and ColdRiver APT [41], leveraging sophisticated tools like the GIFTEDVISITOR webshell and Spica malware [41], underscore the diverse and advanced nature of cyber threats facing the government sector. The deployment of backdoors, credential harvesters, and shell-script droppers against government targets reveals the strategic intent of these actors to infiltrate, disrupt, and extract sensitive information from government systems.

The government and administration sector's prime focus for cyberattacks in January 2024 demonstrates the imperative for governments globally to bolster their cybersecurity defenses. This includes implementing robust cyber hygiene practices, enhancing threat detection and response capabilities, and fostering international cooperation to combat the evolving and sophisticated cyber threat landscape targeting governmental entities.

Finance's Fiscal Firewall Breached: Ranking Third in January's Cybersecurity Siege

In January 2024, the finance sector was a prime target for cyber threats, with multiple actors deploying sophisticated malware and ransomware. 

Threat Actors & Attack Campaigns: NoName057 Ransomware Group [2], LockBit Ransomware Group [5], BlackCat (ALPHV) Ransomware Group [7], ColdRiver APT [13], Lulzsec Hacktivist Group [16], Killnet 2.0 Hacker Group [42], BlackWood Threat Actors [43]

Malware & Tools: AllaKore RAT [44], Trickbot, NSPX30 ([44], [43]), PANDA (PandaX) [45], MetaStealer Malware [42], Spica Malware [13]

In January 2024, the finance sector was heavily targeted by cyber threats, demonstrating its appeal to a wide array of cybercriminals and state-aligned actors. The NoName057 ransomware group's [2] coordinated attacks on key banking and technology firms, such as PrivatBank 24 and Credit Agricole Bank, underscored the global risk landscape facing financial institutions. These incidents highlighted the sector's ongoing battle against cyber threats aiming to disrupt financial operations and compromise sensitive data.

The LockBit ransomware group's [5] breach of EquiLend, a significant U.S. securities lender, further illustrated the impact of ransomware on the sector, disrupting services and threatening data integrity. Similarly, the use of AllaKore RAT [44] in a spear-phishing campaign targeting Mexican banks and cryptocurrency entities showcased the diverse tactics employed by financially motivated threat actors to commit fraud.

Threats from state-aligned entities like ColdRiver APT [13], using sophisticated phishing and custom malware like Spica [13], revealed the complex cyber espionage challenges faced by the finance sector, linked to broader geopolitical tensions. Additionally, the emergence of the PandaX infostealer malware [45] targeting macOS users and cryptocurrency wallets highlighted the increasing cyber risks in the digital currency space, emphasizing the need for enhanced security measures.

These varied cyber incidents across the finance sector in January 2024 underscore the urgent need for advanced cybersecurity defenses, proactive threat intelligence, and sector-wide collaboration to safeguard financial operations and sensitive data against a sophisticated and evolving threat landscape.

Education in the Crosshairs: The Fourth Most Targeted Sector in January's Cyber Threat Landscape

In January 2024, the education sector was significantly impacted by cyber threats, highlighting its vulnerability to sophisticated cyberattacks.

Threat Actors & Attack Campaigns: Mint Sandstorm APT (with aliases APT35, Charming Kitten, PHOSPHORUS) [11], Hunters International Ransomware Group [47], BlackSuit Ransomware Group [48], Akira Ransomware Group [17], ColdRiver APT [41], Medusa Ransomware [49]

Malware & Tools: Spica Backdoor Malware [41], MediaPl Custom Backdoor, NirCmd and Persistence.vbs Scripts [11]

The Mint Sandstorm APT [11], associated with Iran's Islamic Revolutionary Guard Corps, targeted university researchers with a sophisticated phishing scam, focusing on individuals involved in the Israel-Hamas conflict. This campaign utilized social engineering and custom backdoor malware named MediaPl [11] to compromise sensitive information, emphasizing the need for heightened cybersecurity awareness and protection within academic institutions.

Additionally, various ransomware groups, including Hunters International [47], BlackSuit [48], and Akira [17], targeted educational entities ranging from Gallup-McKinley County Schools to Kershaw County School District and Van Buren Public School. These incidents, involving claims of data breaches and unauthorized data extraction, underscore the ongoing threat of ransomware against the education sector. Although the affected schools' websites remained operational and the groups' claims were unverified, these attacks highlight the sector's appeal to cybercriminals seeking to exploit sensitive data, including personal information of students and staff.

The education sector's experience with cyber threats in January 2024 underscores the critical need for robust cybersecurity measures, including user training against unsolicited messages, application of network protection, and cloud-delivered protection. The sector must prioritize safeguarding digital infrastructure to protect against the evolving and increasingly sophisticated landscape of cyber threats targeting educational institutions.


References

[1] P. Nair and R. Ross, “Merry ‘Leaksmas’! Hackers Give Away 50 Million Pieces of PII,” GovInfoSecurity. Available: https://www.govinfosecurity.com/merry-leaksmas-hackers-give-away-50-million-pieces-pii-a-24010. [Accessed: Jan. 29, 2024]

[2] A. Khaitan, “Alleged NoName Ransomware Attack Targets Multiple Organizations in a Single Day,” The Cyber Express, Jan. 29, 2024. Available: https://thecyberexpress.com/noname-ransomware-attack-2/. [Accessed: Jan. 29, 2024]

[3] B. Toulas, “Kansas City public transportation authority hit by ransomware,” BleepingComputer, Jan. 27, 2024. Available: https://www.bleepingcomputer.com/news/security/kansas-city-public-transportation-authority-hit-by-ransomware/. [Accessed: Jan. 29, 2024]

[4] M. J. Schwartz and R. Ross, “Microsoft Says Test Account Gave Hackers Keys to the Kingdom,” GovInfoSecurity. Available: https://www.govinfosecurity.com/microsoft-says-test-account-gave-hackers-keys-to-kingdom-a-24195. [Accessed: Jan. 29, 2024]

[5] C. Jones, “EquiLend drags systems offline after admitting attacker broke in,” The Register, Jan. 25, 2024. Available: https://www.theregister.com/2024/01/25/cybersecurity_incident_forces_equilend_to/. [Accessed: Jan. 29, 2024]

[6] D. Ahmed, “LockBit Ransomware Gang Claims Subway as New Victim,” Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News, Jan. 23, 2024. Available: https://www.hackread.com/lockbit-ransomware-gang-claims-subway-victim/. [Accessed: Jan. 29, 2024]

[7] S. Jain, “BlackCat Hackers Hit Healthcare Provider BrightStarCare, Threaten Data Leak to HHS,” The Cyber Express, Jan. 25, 2024. Available: https://thecyberexpress.com/cyberattack-on-brightstar-care/. [Accessed: Jan. 29, 2024]

[8] E. Kovacs, “Major US, UK Water Companies Hit by Ransomware,” SecurityWeek, Jan. 24, 2024. Available: https://www.securityweek.com/major-us-uk-water-companies-hit-by-ransomware/. [Accessed: Jan. 29, 2024]

[9] A. Khaitan, “Double Eagle Energy Holdings Targeted by Hunters Ransomware Attack,” The Cyber Express, Jan. 24, 2024. Available: https://thecyberexpress.com/hunters-ransomware-attack/. [Accessed: Jan. 29, 2024]

[10] “CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits,” The Hacker News, Jan. 20, 2024. Available: https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html. [Accessed: Jan. 29, 2024]

[11] D. Ahmed, “Iran’s Mint Sandstorm Hits Universities with Hamas-Israel Phishing Scam,” Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News, Jan. 19, 2024. Available: https://www.hackread.com/iran-mint-sandstorm-hamas-israel-phishing-scam/. [Accessed: Jan. 29, 2024]

[12] S. Gatlan, “Chinese hackers exploit VMware bug as zero-day for two years,” BleepingComputer, Jan. 19, 2024. Available: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-vmware-bug-as-zero-day-for-two-years/. [Accessed: Jan. 29, 2024]

[13] “Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware,” The Hacker News, Jan. 18, 2024. Available: https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html. [Accessed: Jan. 29, 2024]

[14] S. Jain, “BianLian Ransomware Hits Northeast Spine and Sports Medicine,” The Cyber Express, Jan. 16, 2024. Available: https://thecyberexpress.com/northeast-spine-and-sports-medicine/. [Accessed: Jan. 29, 2024]

[15] P. Nair and R. Ross, “Chinese Nation-State Hacker Is Exploiting Cisco Routers,” GovInfoSecurity. Available: https://www.govinfosecurity.com/chinese-nation-state-hacker-exploiting-cisco-routers-a-24093. [Accessed: Jan. 29, 2024]

[16] A. Khaitan, “Lulzsec Hacktivists Leak American Bank Logins in Protest Against Yemen Airstrikes,” The Cyber Express, Jan. 12, 2024. Available: https://thecyberexpress.com/lulzsec-responds-to-yemen-airstrikes/. [Accessed: Jan. 29, 2024]

[17] I. Tripathi, “Akira Ransomware Allegedly Targets Van Buren Public School, Leaks Sensitive Data,” The Cyber Express, Jan. 09, 2024. Available: https://thecyberexpress.com/van-buren-public-school-data-breach/. [Accessed: Jan. 29, 2024]

[18] J. L. Hardcastle, “FBI: Beware of thieves building Androxgh0st botnets using stolen creds,” The Register, Jan. 17, 2024. Available: https://www.theregister.com/2024/01/17/fbi_botnet_warning/. [Accessed: Jan. 29, 2024]

[19] B. Toulas, “Windows SmartScreen flaw exploited to drop Phemedrone malware,” BleepingComputer, Jan. 15, 2024. Available: https://www.bleepingcomputer.com/news/security/windows-smartscreen-flaw-exploited-to-drop-phemedrone-malware/. [Accessed: Jan. 29, 2024]

[20] P. Nair and R. Ross, “Turkish Hackers Exploit MS SQL Servers to Deliver Ransomware,” GovInfoSecurity. Available: https://www.govinfosecurity.com/turkish-hackers-exploit-ms-sql-servers-to-deliver-ransomware-a-24086. [Accessed: Jan. 29, 2024]

[21] S. Sharma, “Russian hacker Coldriver extends tactics to include custom malware,” CSO Online, Jan. 19, 2024. Available: https://www.csoonline.com/article/1294806/russian-hacker-coldriver-extends-tactics-to-include-custom-malware.html. [Accessed: Jan. 29, 2024]

[22] C. Jones, “Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist,” The Register, Jan. 26, 2024. Available: https://www.theregister.com/2024/01/26/akira_lush_ransomware/. [Accessed: Jan. 29, 2024]

[23] D. Ahmed, “China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage,” Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News, Jan. 26, 2024. Available: https://www.hackread.com/china-blackwood-apt-nspx30-backdoor-cyberespionage/. [Accessed: Jan. 29, 2024]

[24] I. Arghire, “Aviation Leasing Giant AerCap Hit by Ransomware Attack,” SecurityWeek, Jan. 23, 2024. Available: https://www.securityweek.com/aircraft-lessor-aercap-confirms-ransomware-attack/. [Accessed: Jan. 29, 2024]

[25] A. Khaitan, “LockBit Ransomware Group Expands Operations with New Cyberattack Victims,” The Cyber Express, Jan. 22, 2024. Available: https://thecyberexpress.com/lockbit-ransomware-attack/. [Accessed: Jan. 29, 2024]

[26] A. Khaitan, “Tura Scandinavia AB Encounters Another Cyberattack Following intrusion in December,” The Cyber Express, Jan. 15, 2024. Available: https://thecyberexpress.com/tura-scandinavia-ab-cyberattack/. [Accessed: Jan. 30, 2024]

[27] J. Gold, “London internet attack highlights confusing hacktivism movement,” CSO Online, Jan. 17, 2024. Available: https://www.csoonline.com/article/1291724/london-internet-attack-highlights-confusing-wide-ranging-hacktivism-movement.html. [Accessed: Jan. 29, 2024]

[28] A. Martin, “Ransomware gang targets nonprofit providing clean water to world’s poorest,” The Record. Available: https://therecord.media/water-for-people-medusa-ransomware. [Accessed: Jan. 30, 2024]

[29] L. Abrams, “Energy giant Schneider Electric hit by Cactus ransomware attack,” BleepingComputer, Jan. 29, 2024. Available: https://www.bleepingcomputer.com/news/security/energy-giant-schneider-electric-hit-by-cactus-ransomware-attack/. [Accessed: Jan. 30, 2024]

[30] D. Ahmed, “Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks,” Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News, Jan. 16, 2024. Available: https://www.hackread.com/ivanti-vpn-zero-day-flaws-cyber-attacks/. [Accessed: Jan. 29, 2024]

[31] M. Bagwe and R. Ross, “Iranian Hackers Targeting Middle East Experts,” GovInfoSecurity. Available: https://www.govinfosecurity.com/iranian-hackers-targeting-middle-east-experts-a-24128. [Accessed: Jan. 29, 2024]

[32] A. Khaitan, “Surge in Telecommunications Cyberattacks: After Orange, and Kyivstar, Now Thuraya Targeted,” The Cyber Express, Jan. 17, 2024. Available: https://thecyberexpress.com/cyberattacks-on-telecommunications/. [Accessed: Jan. 30, 2024]

[33] S. Jain, “BlackBasta Ransomware Expands Victim List: Southern Water and Asahi Glass Co. Hit,” The Cyber Express, Jan. 23, 2024. Available: https://thecyberexpress.com/blackbasta-ransomware-expands-victim-list/. [Accessed: Jan. 30, 2024]

[34] C. Brumfield, “North Korea’s ScarCruft APT group targets infosec pros,” CSO Online, Jan. 22, 2024. Available: https://www.csoonline.com/article/1296496/north-koreas-scarcruft-apt-group-targets-infosec-pros.html. [Accessed: Jan. 30, 2024]

[35] C. Jones, “Ivanti zero-day exploits explode as bevy of attackers get in on the act,” The Register, Jan. 16, 2024. Available: https://www.theregister.com/2024/01/16/ivanti_zeroday_exploits_explode_into/. [Accessed: Jan. 30, 2024]

[36] “LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks,” The Hacker News, Jan. 25, 2024. Available: https://thehackernews.com/2024/01/lodeinfo-fileless-malware-evolves-with.html. [Accessed: Jan. 30, 2024]

[37] “Remcos RAT Spreading Through Adult Games in New Attack Wave,” The Hacker News, Jan. 16, 2024. Available: https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html. [Accessed: Jan. 30, 2024]

[38] E. Kovacs, “Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout,” SecurityWeek, Jan. 12, 2024. Available: https://www.securityweek.com/malware-used-in-ivanti-zero-day-attacks-shows-hackers-preparing-for-patch-rollout/. [Accessed: Jan. 30, 2024]

[39] Guru, “Russian Hackers Who Hacked Microsoft Also Targeted Other Organizations,” Cyber Security News, Jan. 29, 2024. Available: https://cybersecuritynews.com/russian-hackers-microsoft/. [Accessed: Jan. 30, 2024]

[40] S. Jain, “Alleged Phoenix Group DDoS Attack Disrupts US Congress Website,” The Cyber Express, Jan. 05, 2024. Available: https://thecyberexpress.com/phoenix-hit-us-congress-website-in-ddos-attack/. [Accessed: Jan. 30, 2024]

[41] E. Kovacs, “Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns,” SecurityWeek, Jan. 18, 2024. Available: https://www.securityweek.com/russian-apt-known-for-phishing-attacks-is-also-developing-malware-google-warns/. [Accessed: Jan. 30, 2024]

[42] A. Khaitan, “Killnet 2.0 Emerges as a Dark Web Force; New Features and Capabilities Discussed,” The Cyber Express, Jan. 29, 2024. Available: https://thecyberexpress.com/killnet-2-0-on-dark-web/. [Accessed: Jan. 30, 2024]

[43] “Daily Briefing,” The CyberWire, vol. 13, no. 18. Available: https://thecyberwire.com/newsletters/daily-briefing/13/18

[44] “AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks,” The Hacker News, Jan. 27, 2024. Available: https://thehackernews.com/2024/01/allakore-rat-malware-targeting-mexican.html. [Accessed: Jan. 29, 2024]

[45] A. Khaitan, “Unveiling the Latest Threat: A MacOS Stealer Emerges on the Dark Web,” The Cyber Express, Jan. 25, 2024. Available: https://thecyberexpress.com/macos-stealer-alert-on-dark-web/. [Accessed: Jan. 29, 2024]

[46] E. Kovacs, “Ransomware Group Targets Foxconn Subsidiary Foxsemicon,” SecurityWeek, Jan. 18, 2024. Available: https://www.securityweek.com/ransomware-group-targets-foxconn-subsidiary-foxsemicon/. [Accessed: Jan. 30, 2024]

[47] S. Jain, “Hunters International Targets Gallup-McKinley County Schools as Their Latest Victim,” The Cyber Express, Jan. 19, 2024. Available: https://thecyberexpress.com/hunters-targets-gallup-mckinley-county-schools/. [Accessed: Jan. 30, 2024]

[48] S. Jain, “Kershaw County School Hit by Black Suit Ransomware, Data Leak Alert,” The Cyber Express, Jan. 04, 2024. Available: https://thecyberexpress.com/cyberattack-on-kershaw-county-school/. [Accessed: Jan. 30, 2024]

[49] “Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion,” The Hacker News, Jan. 12, 2024. Available: https://thehackernews.com/2024/01/medusa-ransomware-on-rise-from-data.html. [Accessed: Jan. 30, 2024]