"Researchers Spot New Infrastructure Likely Used for Predator Spyware"

Recorded Future's Insikt Group discovered new infrastructure likely used by the operators of the commercial spyware called Predator in at least 11 countries. Analysts identified potential Predator customers in Angola, Armenia, Botswana, Egypt, and more, by examining the domains most likely used to deliver the spyware. Predator, developed by the Israeli-owned spyware consortium Intellexa, has been active since at least 2019, infecting Android and iPhone devices. The sophisticated spyware can access a device's microphone, camera, and all stored or transmitted data.

Submitted by Gregory Rigby on

"A Leaky Database Spilled 2FA Codes for the World's Tech Giants"

YX International has secured a database that exposed one-time security codes that could have given access to Facebook, Google, and TikTok accounts. The Asian technology and Internet company manufactures cellular networking equipment and offers SMS text message routing services. SMS routing facilitates the delivery of time-critical text messages to their intended recipients across different regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services.

Submitted by Gregory Rigby on

"Germany Takes Down Largest Cybercrime Market in The Country, Arrests 6"

The Düsseldorf Police in Germany recently seized Crimemarket, the largest German-language illicit trading platform on the internet, and arrested six people, including one of its operators. The police described Crimemarket as a hub for trading illegal drugs, narcotics, and cybercrime services, which also hosted tutorials and guides for committing various crimes. During the operation, 102 search warrants were executed simultaneously across the country on the evening of February 29, 2024.

Submitted by Adam Ekwall on

"U.S. Charges Iranian For Hacks on Defense Orgs, Offers $10M For Info"

The U.S. Department of Justice (DoJ) recently unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. The DoJ noted that the campaign was active from at least 2016 until April 2021 and targeted over a dozen American organizations, including the Departments of the Treasury and State, various defense contractors, and New York-based accounting and hospitality companies.

Submitted by Adam Ekwall on

"MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs"

The MITRE-led Common Weakness Enumeration (CWE) program has added four new microprocessor-related weakness types to its catalog of common software and hardware flaws. Of the updates included in CWE Version 4.14, the latest version of the widely used resource for describing and documenting types of weaknesses, the new hardware CWEs are the most significant.

Submitted by Gregory Rigby on

"New SPIKEDWINE APT Group Is Targeting Officials in Europe"

According to Zscaler researchers, an Advanced Persistent Threat (APT) group dubbed SPIKEDWINE has been targeting European officials with a backdoor called WINELOADER. The group used a PDF document masquerading as an invitation letter from India's Ambassador. The campaign is distinguished by its low volume and the threat actors' advanced tactics, techniques, and procedures (TTPs). Zscaler's evidence suggests that this campaign has been active since at least July 6, 2023. The threat actor used compromised websites to host intermediate payloads or as Command-and-Control (C2) servers.

Submitted by Gregory Rigby on

"Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks"

US government agencies recently warned organizations of ongoing Phobos ransomware attacks targeting government, education, emergency services, healthcare, and other critical infrastructure sectors. Active since May 2019, Phobos operates under the ransomware-as-a-service (RaaS) business model and has extorted several million dollars from victim organizations.

Submitted by Adam Ekwall on

"'CryptoChameleon' Campaign Targets Employees of Cryptocurrencies, FCC"

"CryptoChameleon" is a phishing campaign that began by targeting cryptocurrency customers but has since changed to focus on employees at Binance, Coinbase, and the Federal Communications Commission (FCC). According to Lookout researchers, these employees are targeted and phished through fake Single Sign-On (SSO) pages mimicking the actual Okta SSO pages at the targeted organizations, allowing the attackers to steal login credentials as well as personal and enterprise data.

Submitted by Gregory Rigby on

"Cybercriminals Harness AI for New Era of Malware Development"

According to Group-IB's Hi-Tech Crime Trends 2023/2024 report, the partnership between ransomware groups and Initial Access Brokers (IABs) remains powerful in the cybercrime industry. There has been a 74 percent year-on-year increase in companies that had their data uploaded on Dedicated Leak Sites (DLS). Global threat actors have also shown an increased interest in Apple platforms, as evidenced by the significant growth in underground sales of macOS information stealers. Group-IB experts observed a 70 percent increase in public posts offering zero-day exploits for sale.

Submitted by Gregory Rigby on

"CISA, US and International Partners Warn of Ongoing Exploitation of Multiple Ivanti Vulnerabilities"

The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners have released a Cybersecurity Advisory (CSA) in response to the exploitation of multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. According to the organizations and industry partners, these vulnerabilities have been targeted by various cyber threat actors.

Submitted by Gregory Rigby on