The company’s ESG appliances were breached, but their other services remain unaffected by the compromise.
Related Posts
Cyberattack chaos and the impact on families.
This week we are joined by N2K CyberWire’s very own Catherine Murphy, who shares her family’s experiences with Lurie Children’s Hospital’s recent cybersecurity incident. Dave shares a story on the dangers of Googling airline customer service numbers when an issue occurs. Joe shares another story on scary scams that are costing people millions of dollars, now getting the FBI involved. Our catch of the day comes from the Scam of the Month posting at Washington University in St. Louis, which shares another tale of a scam, this time one recruiting undergraduates for an open research assistant vacancy. The scammers pose as a Professor of Computer Science and Engineering to try to get students to sign up for this fake job posting.
The CyberWire
Webinar Tomorrow: The Active Threat Landscape in the Cloud
Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.
The post Webinar Tomorrow: The Active Threat Landscape in the Cloud appeared first on SecurityWeek.
SecurityWeek RSS Feed
BlueCharlie Hacker Group Builds a 94-Domain Password Stealing Platform
Threat actors are evolving their techniques and tools at a rapid pace that is completely changing the current threat scenario.
BlueCharlie is a Russia-linked threat group that has been active since 2017 and is associated with several other names:
Callisto
ColdRiver
Star Blizzard
TA446
This threat group, BlueCharlie (aka TAG-53), mainly focuses on espionage and leak operations.
Recently, researchers at Recorded Future linked 94 new domains, dating from March 2023, to BlueCharlie, indicating infrastructure modifications in response to public disclosures.
BlueCharlie’s evolved TTPs and advanced infrastructure showcase adaptability to disclosures, enhancing operational security.
Their current targets are unknown, but their past targets include the following:
Government
Defense
Education
Political sectors
NGOs
Journalists
Think tanks
BlueCharlie Hacker Group New Infrastructure
Insikt Group notes BlueCharlie’s 94 new domains and changed TTPs, signifying evolution in response to industry disclosures, likely for phishing or credential harvesting.
Moreover, the Insikt Group has tracked BlueCharlie since Sep 2022, and since then, they have been witnessing multiple drastic TTP shifts.
Major shifts like these indicate the threat actors’ industry awareness and their use of sophisticated obfuscation to hinder cybersecurity experts.
BlueCharlie has adopted a new domain naming pattern built from IT and crypto-related keywords, for example:
cloudrootstorage[.]com
directexpressgateway[.]com
storagecryptogate[.]com
pdfsecxcloudroute[.]com
Of the 94 new domains, 78 were registered via NameCheap, and the others were registered through the following registrars:
Porkbun
Regway
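The naming pattern described above can be turned into a simple DNS-log triage check. The following is an added example, not code from the article or from Recorded Future: it matches query names against the four domains listed on this page and flags other names built from a chain of the same keywords. The keyword list, the thresholds and the sample queries are assumptions constructed for illustration.

```python
# The four indicator domains listed on this page, refanged for matching.
PAGE_IOCS = {"cloudrootstorage.com", "directexpressgateway.com",
             "storagecryptogate.com", "pdfsecxcloudroute.com"}

# Assumption: keyword set derived only from the four names above.
KEYWORDS = sorted({"cloud", "root", "storage", "direct", "express", "gateway",
                   "crypto", "gate", "pdf", "sec", "route"})

def refang(name):
    """Lowercase, turn '[.]' back into '.', drop the trailing root dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")

def segment(label):
    """Cover label with KEYWORDS using the fewest stray characters.
    Returns (keywords_in_order, stray_character_count)."""
    best = [(0, [])]  # best[i] describes label[:i]
    for i in range(1, len(label) + 1):
        cand = (best[i - 1][0] + 1, best[i - 1][1])  # treat this char as stray
        for kw in KEYWORDS:
            if label.endswith(kw, 0, i):
                stray, words = best[i - len(kw)]
                if stray < cand[0]:
                    cand = (stray, words + [kw])
        best.append(cand)
    stray, words = best[-1]
    return words, stray

def classify(name, min_keywords=3, max_stray=1):
    """'ioc' for a listed domain or its subdomain, 'pattern' for a lookalike
    keyword chain, None otherwise. Thresholds are illustrative assumptions."""
    fqdn = refang(name)
    if any(fqdn == d or fqdn.endswith("." + d) for d in PAGE_IOCS):
        return "ioc"
    labels = fqdn.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]  # assumes one-label TLD
    words, stray = segment(label)
    if len(words) >= min_keywords and stray <= max_stray:
        return "pattern"
    return None

# Constructed DNS query names, not taken from any real log.
SAMPLE_QUERIES = ["login.cloudrootstorage.com.", "storagecryptogate[.]com",
                  "cryptogatewaycloud.example", "mycloud.example", "www.example.org"]

def triage(queries):
    return {q: classify(q) for q in queries}

if __name__ == "__main__":
    for query, verdict in triage(SAMPLE_QUERIES).items():
        print(f"{verdict or 'ok':8} {query}")
```

A "pattern" verdict is a lead for analyst review rather than an attribution, since ordinary services also combine words such as cloud and storage in their names.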
Recommendations
Below are the recommendations offered by the security researchers:
Network defenders should improve their phishing defenses.
Make sure to implement FIDO2-compliant multi-factor authentication.
Use threat intelligence and report.
Make sure to educate third-party vendors.
In Microsoft Office, make sure to disable macros by default.
Implement a frequent password reset policy.
The post BlueCharlie Hacker Group Builds a 94-Domain Password Stealing Platform appeared first on Cyber Security News.
Cyber Security News