"Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones"

Law enforcement agencies in Europe and Latin America have dismantled "iServer," a Phishing-as-a-Service (PhaaS) platform used by criminals to unlock stolen and lost phones. "Operation Kaerb" led to the dismantling of iServer, which targeted over 1.2 million mobile phones and claimed over 480,000 victims. According to investigators, there have been 483,000 victims, mostly Spanish-speaking nationals in European, North American, and South American countries. This article continues to discuss the iServer PhaaS platform used by criminals to harvest credentials and unlock phones.

Submitted by Gregory Rigby on

"DOJ Charges Hackers for Stealing $230 Million in Crypto From Individual"

Two people have been charged by the US Department of Justice (DOJ) for stealing over $230 million in cryptocurrency from an individual in Washington, DC. Malone Lam and Jeandiel Serrano are accused of stealing cryptocurrency and trying to launder the proceeds through exchanges and mixing services. The two would hack cryptocurrency accounts and transfer funds to wallets controlled by them, using Virtual Private Networks (VPNs) and other tools to hide. This article continues to discuss the hackers charged for the theft of $230 million in cryptocurrency.

Submitted by Gregory Rigby on

"'Marko Polo' Hackers Found to Be Running Dozens of Scams"

Researchers with the Recorded Future Insikt Group reported that a prolific group of threat actors known as "Marko Polo" is responsible for at least 30 cybercrime scams, including malware attacks, phishing attacks, and cryptocurrency fraud. The group's schemes have hit tens of thousands of victims. They have targeted cryptocurrency influencers and online gaming personalities using social engineering techniques. This article continues to discuss findings regarding the Marko Polo hackers.

Submitted by Gregory Rigby on

"Insecure APIs and Bot Attacks Cost Global Firms $186bn"

Thales found that Application Programming Interface (API) adoption and Artificial Intelligence (AI)-powered bot attacks are rising and costing global organizations tens of billions of dollars yearly. The company's "Economic Impact of API and Bot Attacks" report shares findings from the analysis of 161,000 cybersecurity incidents. According to the report, the cost of insecure APIs grew from $12 billion in 2021 to $35-87 billion today, and up to $116 billion can be attributed to bot attacks. Bot and API threats average $94-186 billion in losses.

Submitted by Gregory Rigby on

"Packed With Features, 'SambaSpy' RAT Delivers Hefty Punch"

A recently discovered Remote Access Trojan (RAT) named "SambaSpy" has a Swiss Army knife-like set of spying and data theft functions. Its creators, believed to be Brazilian, have made the RAT difficult to detect and analyze by obfuscating it with "Zelix KlassMaster," a legitimate tool that developers often use to protect their code from reverse engineering and unauthorized modification. This article continues to discuss findings regarding the SambaSpy RAT.

Submitted by Gregory Rigby on

"NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations"

The National Security Agency (NSA) has joined the Federal Bureau of Investigation (FBI), the US Cyber Command's Cyber National Mission Force (CNMF), and international allies in releasing new information regarding People's Republic of China (PRC)-linked cyber actors who have compromised Internet-connected devices to build a botnet and perform malicious activities. According to NSA Cybersecurity Director Dave Luber, the botnet involves thousands of US devices with victims in various sectors.

Submitted by Gregory Rigby on

"Microsoft Warns of New INC Ransomware Targeting US Healthcare Sector"

Microsoft has revealed that a financially motivated threat actor has been targeting US healthcare with "INC" ransomware. The company's threat intelligence team tracks the activity as "Vanilla Tempest," formerly named "DEV-0832." This article continues to discuss findings regarding the new INC ransomware being used against the healthcare sector in the US. 

THN reports "Microsoft Warns of New INC Ransomware Targeting US Healthcare Sector"

Submitted by grigby1

Submitted by Gregory Rigby on

"CISA Releases Cyber Defense Alignment Plan for Federal Agencies"

The Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) plan from the US Cybersecurity and Infrastructure Security Agency (CISA) aims to align the federal enterprise against cyber threats. CISA points out that federal agencies have built their own cyber defense capabilities, but there is no cohesive or consistent baseline security posture across the federal enterprise, so risk management varies widely. CISA's FOCAL plan outlines proven practices and collective cybersecurity goals. This article continues to discuss the FOCAL plan.

Submitted by Gregory Rigby on

"Cryptojacking Gang TeamTNT Makes a Comeback"

Researchers found new activity conducted by "TeamTNT" dating back to 2023, even though the group was believed to have disappeared in 2022. TeamTNT carried out numerous cryptojacking attacks, using victims' Information Technology (IT) resources to mine cryptocurrency illegally. According to Group-IB, the threat actor emerged in 2019 with its "homebrewed" malware involving an advanced toolkit of shell scripts and malicious binaries. The group's cryptojacking campaigns would target vulnerable public instances of "Redis," "Kubernetes" and "Docker" to steal credentials and install backdoors.

Submitted by Gregory Rigby on

"Windows Users Targeted With Fake Human Verification Pages Delivering Malware"

Fake human verification pages are tricking Windows users into installing malware. Palo Alto Networks' Unit 42 found seven fake CAPTCHA-style human verification pages in late August 2024. After clicking a button on these pages, victims are instructed to paste a PowerShell script into a Run window. According to Unit 42 threat hunter Paul Michaud II, this copy/paste PowerShell script retrieves and runs a Windows EXE for the "Lumma Stealer" malware. This article continues to discuss findings regarding malware delivery through fake human verification pages.

Submitted by Gregory Rigby on