"New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT"

A malicious campaign against Ukrainian entities based in Finland has been distributing the commercial Remote Access Trojan (RAT) named Remcos RAT through a malware loader called IDAT Loader. The attack, carried out by a threat actor known as UAC-0184, used steganography. IDAT Loader, which overlaps with another loader family called Hijack Loader, has recently been used to serve additional payloads such as DanaBot, SystemBC, and RedLine Stealer. A threat actor tracked as TA544 has also used it to deliver Remcos RAT and SystemBC in phishing attacks.

Submitted by Gregory Rigby on

"After Decades of Memory-Related Software Bugs, White House Calls on Industry to Act"

The Biden administration urges the technology industry to make secure products from the start, recently calling for increased use of memory-safe programming languages. The effort by the Office of the National Cyber Director (ONCD) seeks to reduce coding errors that enable attackers to exploit how software manages computer memory. These flaws can be used to compromise or corrupt data and execute malicious code.

Submitted by Gregory Rigby on

"Pikabot Returns With New Tricks up Its Sleeve"

Pikabot has returned with updates to its capabilities and components, as well as a new delivery campaign. It is a loader, primarily acting as a delivery mechanism for other malware. It first appeared in early 2023 and has since been widely used by threat actors to deliver payloads. Following the disruption of the Qakbot botnet, Pikabot surfaced as an alternative, becoming especially active in the second half of 2023. It was initially distributed through malspam and malvertising campaigns that promoted seemingly legitimate software like AnyDesk, Slack, and Zoom.

Submitted by Gregory Rigby on

"LockBit Ransomware Returns, Restores Servers After Police Disruption"

Less than a week after law enforcement hacked the LockBit gang's servers, the group relaunched its ransomware operation on new infrastructure, threatening to target the government sector more often. In a message posted under a mock-up of the FBI leak, the gang acknowledged its negligence in allowing the breach and laid out future plans for the operation. On February 19, authorities shut down LockBit's infrastructure, which included 34 servers hosting the data leak website, data stolen from victims, cryptocurrency addresses, decryption keys, and more.

Submitted by Gregory Rigby on

"Steel Giant ThyssenKrupp Confirms Cyberattack on Automotive Division"

Steel giant ThyssenKrupp recently announced that hackers breached systems in its Automotive division, forcing it to shut down IT systems as part of its response and containment effort. ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion (2022). The firm is a crucial component of the global supply chain for products that use steel as a material across various sectors, including machinery, automotive, elevators and escalators, industrial engineering, renewable energy, and construction.

Submitted by Adam Ekwall on

"Russian Cyber Actors Target Cloud-Hosted Infrastructure"

The National Security Agency (NSA), together with the UK National Cyber Security Centre (NCSC-UK) and other partners, has released a Cybersecurity Advisory (CSA) titled "SVR Cyber Actors Adapt Tactics for Initial Cloud Access." The CSA describes how Russia-based cyber actors are changing their tactics, techniques, and procedures (TTPs) to infiltrate and access intelligence in cloud environments. The cyber actors, known as APT29, Midnight Blizzard, the Dukes, or Cozy Bear, are believed to be linked to the Russian foreign intelligence service (SVR).

Submitted by Gregory Rigby on

"LoanDepot Ransomware Attack Exposed 16.9 Million Individuals"

In an update on January 22, LoanDepot estimated the number of potentially impacted individuals at 16.6 million without providing details on the type of personal information that might have been compromised. Recently, the mortgage giant revised those numbers and announced that 16.9 million individuals were, in fact, impacted and that it has started sending out notification letters to them.

Submitted by Adam Ekwall on

"U-Haul Informs Customers of Major Data Breach"

U-Haul has recently notified tens of thousands of customers that their personal data was compromised in a breach last year. The truck and trailer rental giant confirmed that 67,000 US and Canadian customers were impacted by the incident, which took place between July 20 and October 2 last year. The company says that it learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records.

Submitted by Adam Ekwall on