Seems like quite some internal systems were infected by InfoStealers.
Quite the irony given the fact that #infostealer like #Lumma, #RedLine, #Raccoon, #Vidar are Russian developed and operated #CybercrimeAsaService platforms.
@tom.wicked.design
CEO & founder of wicked.design ✔️, lecturer at Swiss 🇨🇭 & Ukraine 🇺🇦 universities. Cyber guy turned social scientist & system theorist 🏳️‍🌈 (he/him) - vegan, cuz friends not food 🌱
#Aeroflot airline got hacked by two pro-Ukrainian groups, #SilentCrow and #Cyberpartisans.
🚩 7'000 servers – physical & virtual – destroyed.
🚩 Compromise of 122 hypervisors, 43 installations of ZVIRT virtualization, ~100 iLO interfaces, & 4 Proxmox clusters.
#Ukraine 🇺🇦
🚩 Data obtained includes 12TB of databases, 8TB of files from Windows Share, and 2TB of corporate email.
Passengers' flight data has also been exfiltrated and is available for researchers for further analysis.
www.linkedin.com/posts/wicked...
Passwords in the canton of Züri: if they are too strong, you are too weak.
First someone tries to reset my password, then unfortunately my passwords are too strong 🥲, and then the only "strong" authentication offered is SMS.
Ever heard of passkeys?
#KantonZH #Zurich #Government #Passwords
#LockBit #ransomware got breached and leaked tonight. A hacker called "kho-kho" (allegedly from Prague 🇨🇿) breached their panel & leaked a 30MB SQL dump containing:
~ 60K BTC addresses
💬 Negotiation chats with their victims
🛠️ Build info (dating back to Dec 2024)
Client lists, etc.
It reveals the brutal reality of ransomware attacks. They are even attacking #schools: "Dude, we're #non-profit, educating children,".
Another victim begs: "Dear, $40k is my 6-year salary... Don't spoil my life."
Just remember when #ALPHV / #BlackCat ransomed a breast cancer clinic.
Lockbit confirmed:
"On 7 May, someone hacked the light panel with auto registration for all comers, stole the database, but not a single decryptor and not a single company's stolen data were compromised. I'm investigating how they managed to hack it and rebuilding it now. 1/2
Full panel and blog are still functioning.
The hacker supposedly goes by "kho-kho" from Prague. Let me know who he is—I'll pay real money if the information is genuine." 2/2
We currently see an uprising in Adobe QR code based phishing for MS O365 creds 📣
Recipients are named, TA apparently did some intel:
▶️ Company name
▶️ Employee names (First and Last)
#Phishing #Adobe #O365 #Microsoft #Cybersecurity #Awareness
It contains a lure about an updated company handbook and a QR code.
The QR code leads to a Cloudflare protected website [02]. It then forwards to a Microsoft 365 themed phishing website [03].
The sender is the compromised mail account Nepal pottery [01].
The subject follows a certain pattern:
<ORG-NAME>-2025 Q1 Staff Pay Adjustment Handbook-<NUMBER>
Defender apparently picks up on it while other mail filters currently let it pass.
Recommended actions:
▶️ Implement a block filter for the nepalpottery domain.
▶️ DNS filtering should be implemented.
▶️ Inform your organisation about the current situation.
26.02.2025 10:38
Be cautious:
As the QR code is meant to be scanned via smartphone, DNS and firewall blocking might have a limited effect!
IOCs:
▶️ [01] no-reply@nepalpottery[.]com
▶️ [02] https://864b5744a8e3e6f83afff7bd2c6.altedsx[.]com/
▶️ [03] https://w5vv.mdernstyle[.]ru/
After some analysis the campaign appears to use the Tycoon2FA Phishing Kit.
The website is loading O365 assets from oktacdn[.]com
This domain has been attributed to Tycoon before.
Any.Run: any.run/cybersecurit...
Others like JoeSandbox or Hybrid Analysis currently label it as clean
- hybrid-analysis.com/sample/1c808...
- www.joesandbox.com/analysis/161...
For anyone interested, here is the source code of the phishing site - heavily obfuscated: drive.proton.me/urls/3Z8SZZN...
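As an added example (not code from the thread's author), a small Python mail-triage check built from the indicators and subject pattern quoted in the thread above; the sample messages, the helper names and the scoring logic are constructed here for illustration.

```python
import re
from urllib.parse import urlparse

# IoCs as posted in the thread, kept defanged ("[.]") and refanged only for matching.
IOC_SENDER_DOMAINS = {"nepalpottery[.]com"}
IOC_URL_DOMAINS = {"altedsx[.]com", "mdernstyle[.]ru"}

# Subject pattern from the thread: <ORG-NAME>-2025 Q1 Staff Pay Adjustment Handbook-<NUMBER>
SUBJECT_RE = re.compile(r"^(?P<org>.+?)-2025 Q1 Staff Pay Adjustment Handbook-(?P<num>\d+)$")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")

def refang(domain: str) -> str:
    """Turn a defanged indicator ("example[.]com") back into a matchable domain."""
    return domain.replace("[.]", ".").lower()

def host_matches(host: str, iocs: set) -> bool:
    """True if host equals an IoC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in map(refang, iocs))

def score_message(sender: str, subject: str, body: str) -> list:
    """Return the reasons a message matches the campaign; an empty list means no match.
    The lure's URL sits inside a QR image, so the body-URL check is the weakest signal
    and the sender and subject heuristics carry most of the weight."""
    reasons = []
    sender_host = sender.rsplit("@", 1)[-1].strip("> ")
    if host_matches(sender_host, IOC_SENDER_DOMAINS):
        reasons.append(f"sender domain is a known IoC: {sender_host}")
    if SUBJECT_RE.match(subject.strip()):
        reasons.append("subject matches campaign pattern")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if host_matches(host, IOC_URL_DOMAINS):
            reasons.append(f"body links to IoC domain: {host}")
    return reasons

# Constructed sample messages (not real mail from the campaign) to exercise the checks.
SAMPLES = [
    ("no-reply@nepalpottery.com", "Acme Corp-2025 Q1 Staff Pay Adjustment Handbook-4471",
     "Scan the QR code to view the updated handbook."),
    ("hr@example.org", "Quarterly update",
     "Copy: https://864b5744a8e3e6f83afff7bd2c6.altedsx.com/start"),
    ("hr@example.org", "Team lunch on Friday", "See you at noon."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(f"{subject!r} -> {score_message(sender, subject, body) or 'clean'}")
```

Because the QR code carries the URL as an image, the first sample is flagged on sender and subject alone, which is the signal a mail filter can still act on when URL blocking has limited effect.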
With surveillance programs like mSpy, private individuals can spy on each other. We explain how such attacks can be uncovered and fended off.
netzpolitik.org/2025/mspy-le...
All posts on the #mSpyLeak: netzpolitik.org/mspy-leak/
What is the problem of people and companies with the concept "a better place for all of us - no matter who you are"?
It doesn't hurt anyone, but it helps people who are already marginalized.
DHS has terminated the memberships of everyone on its advisory committees.
This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon.
That review is "dead," person familiar says.
www.documentcloud.org/documents/25...
US president pardons drug market founder and operator to "honor of her [mother] and the Libertarian Movement, which supported me so strongly".
What a signal to law enforcement, law abiding citizens and everyone who works to make our society a safer and healthier place. #SilkRoad
I was in Bucha 🇺🇦, talked to the people there, saw what the Russians have done. People told me about the crimes. And in safe 🇨🇭 sit henchmen of the war criminals like Köppel.
#SlavaUkraini #Ukraine
Exactly that!
The saddest example is institutional racism in CH.
www.edi.admin.ch/edi/de/home/...
Apparent threat actor: agricamex[.]com 📣
We observed this domain cloning #MS #Azure #Entra ID websites of our clients.
Domain fronted by #Cloudflare, registered by #GoDaddy.
Cert transparency logs show activity since around 2025-01-12. Inc. #Okta, #ADFS, #SCP, #outlook and #O365
crt.sh?q=agricamex....
The inspiration for the domain apparently came from agricamex[.]cl - a Chilean food company.
Might be a South American TA.
Right now the website simply redirects to #Google
#ThreatIntel #CyberSecurity #SocialEngineering #Phishing
We had to evacuate Los Angeles. Most people I know there have also had to leave. We are safe in San Diego and our apartment is unlikely to burn down. We are very lucky. But alongside the visceral horror of the wildfires there is also the mundanity of dystopia
www.404media.co/were-fine-lo...
#VW
05.01.2025 12:41
Wir wissen wo dein Auto steht - Volksdaten von Volkswagen has been released on media.ccc.de https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen https://events.ccc.de/congress/2024/hub/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/
29.12.2024 19:46
I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn't paying attention. It sends data about my private photos to Apple.
29.12.2024 02:46
Orange cat cuddling on their bed.
cat.exe stopped working.
Resource exhaustion.
Chilling after Christmas #cat #catsofbsky #christmas #AdoptDontShop #AnimalRescue #tierschutz