news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Magouilleur
- Europe
- Education
- Western Europe
- France
- Paris 1 Panthéon-Sorbonne University
- Government
- exclusive
- Real Estate
- Sarcoma
- Suntrust Properties
- South-Eastern Asia
- ransomware
- Asia
- breach
- Philippines
- Sarcoma - Suntrust Properties - Ransom - 2024-10-09
- Energyweaponuser
- Zjj
- Technology
- North America
- Intelbroker
- Cisco
- United States
- Darkraas
- Israel
- Middle East
- global
- Finance
- Handala
- Doscast
- Moneygram - Breach - 2024-09-20
- Moneygram International
- Mb Villar Group
- Deathnote Hackers
- Villar Group - Breach - 2024-09-20
- Dnh@Klammer
- Lordzeroday
- Mossad
- Adobe
- vulnerability
- Retail
- Global
- Toyota Bicutan
- Ikaruz Red Team
- Medusa - Azpired - Ransom - 2024-09-18
- Azpired
- Medusa
- Southern Asia
- Germany
- Sportstech
- Grep
- Erasmus
- European Union
- Suspect
- United Kingdom
- Md Diamonds
- Healthcare
- Rdp Hijacking
- Manufacturing
- Dashoar
- Sweden
- Cobraegyleaks
- Latin America And The Caribbean
- Mexico
- 888
- Argentina
- Tiendup
- Liquid Blood
- Народная Cyberармия
- Noname
- Ukraine
- I2Ptard
- Ukraine Ministry Of Justice
- Philippines Department Of Foreign Affairs (Dfa)
- Government Service Insurance System (Gsis)
- Deathnote Hackers - Government Service Insurance System (Gsis) - Breach / Defacement - 2024-09-12
- Israeli Industrial Batteries
- Vidisco X-Ray
- Mimichan
- Club Atlético Vélez Sarsfield
- India
- Bharat Petroleum
- Energy
- Sorb
- Aerodactyl
- Temu
- 303
- Taiwan
- Chunghwa Telecom
- N1K7
- Telecommunications
- Eastern Asia
- Caterpillar
- Zerosevengroup
- Kale Savunma
- Sacara
- Business Services
- Rapid E - Suite
- Horrormar44
- Cultura
- Truffaut
- G0Dhand
- Mptc - Breach - 2024-09-07
- Transportation
- Metro Pacific Tollways
- Cve-2024-40766
- CVE-2024-40766
- Akira
- Sonicwall
- Spyagent
- South Korea
- Thailand
- Tourism
- Tourism Authority Of Thailand
- Mitsubishi Chemical Group
- Japan
- Chemicals And Allied Products
- Everest
- Indonesia
- Indonesian National Police
- Hikkl-Chan
- Vkontakte
- Vk - Breach - 2024-09-02
- Russia
- Elmi Elettromeccanica
- Cybervolk.
- Italy
- University Of Makati
- Makati Government
- Makati Medical Center
- Wypoondevx
- Denial Of Service
- Ghost Exodus Ph
- Presidential Communications Office
- Philippines Exodus Security
- hacktivist
-
Oct 16, 2024
Data Breach at Sorbonne University Exposes Personal Information of Over 73,000 Users
In a recent post on BreachForums, the TA Magouilleur claimed to have uploaded sensitive data from Université Paris 1 Panthéon-Sorbonne, affecting more than 73,000 users. The data stolen in September 2024 includes login IDs, email addresses, names, studies, photos, and other personal information. The post indicated that 26 files were made available, along with a sample file. According to the post, the data includes easily identifiable personal details, which could be exploited for malicious purposes.
-
Oct 15, 2024
Sarcoma Ransomware Group Attacked Suntrust Properties
A new threat group, known as Sarcoma Ransomware, recently attacked Suntrust Properties in the Philippines. The attack has led to a massive amount of data exfiltrated (around ~1TB in size) by the threat actor. The leaked information includes confidential files and SQL databases. Sample data has been released by the ransomware group, which mainly includes: - Professional Regulation Commission (PRC) Identifications (IDs) of employees and clients - Government-issued Identifications, such as driver’s licenses and police identification cards - Legal Documents, such as property transaction contracts and buyer acceptance forms - SQL databases containing corporate data related to real estate operations
-
Oct 15, 2024
Threat actors IntelBroker and EnergyWeaponUser Claim To Have Breached Cisco, Leaking API Tokens And Data Belonging To Its Customers
On October 6, 2024, the threat actors "IntelBroker," "EnergyWeaponUser," and "zjj" announced the sale of data from a recent Cisco breach. The compromised data includes GitHub and GitLab projects, SonarQube projects, source code, hardcoded credentials, certificates, customer SRCs, confidential Cisco documents, Jira tickets, API tokens, AWS private buckets, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and details on Cisco premium products. Several major companies, including Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron, are reportedly affected.
-
Oct 13, 2024
Access to Compromised Servers of Israeli IT Firm Offered for Sale
A threat actor known as 'DarkRaaS' is offering access to six compromised servers from an Israeli IT and cloud infrastructure company. The servers reportedly have a capacity of 6TB. The access is being sold for $30,000, but the threat actor has not provided any sample data to confirm the breach. The name of the targeted company was not disclosed.
-
Oct 13, 2024
Israeli Municipality Network Access Offered for Sale on Cybercrime Forum
A threat actor known as 'DarkRaaS,' associated with the 'DarkSide Group,' is offering full network access to the cloud infrastructure of an Israeli municipality for sale on the cybercrime forum 'Breached.' The access is priced at $15,000, though no sample data has been provided to verify the breach.
-
Oct 10, 2024
Threat Actors Exploit GitHub Trusted Reputation to Distribute Malware
In a concerning development, threat actors are once again leveraging GitHub’s reputation to bypass security gateways. They are observed distributing malicious GitHub repository links within the comments of trusted repositories to spread malware. Organizations with open-source repositories that permit comments are particularly vulnerable to this attack. Malicious actors can submit comments linking to malicious code , which may then be embedded in a subdirectory of the organization’s main open-source code or archive which can be accessed. Even with the comment removed the file is archived and the link to the malware can remain alive. This also has the opportunity to be a drive-by attack vector for other malware types. Organizations should consider adding additional measures to block Github links that may bypass secure email gateways' security. Add additional warning messages so users are aware of the potential risks, or configure certain policies to protect against unsolicited downloads from GitHub.
-
Oct 10, 2024
'Handala' Claims Breach of Israeli Podcast Website 'Doscast'
The hacker group 'Handala' claims to have breached the Israeli podcast website 'Doscast,' allegedly gaining access to 3 million data entries belonging to over 100,000 users. The compromised data reportedly includes email addresses, names, phone numbers, and other personal details.
-
Oct 10, 2024
Access to Over 85,000 Records from Israeli Loan Company Offered for Sale
A threat actor known as 'DarkRaaS,' affiliated with the 'DarkSide Group,' is offering access to over 85,000 records from an undisclosed Israeli loan company for sale on the cybercrime forum 'Breached.' The records reportedly include sensitive personal and financial data, such as loan application statuses, mortgage information, full names, and residential details. The seller is asking for $50,000 but has not provided any sample data to verify the breach.
-
Oct 10, 2024
Data Breach on Moneygram
On October 07, 2024, MoneyGram Payment Systems, Inc. released an official statement that they had been a victim of a cyber-attack. According to the company, the incident began on September 20, 2024, which led to some disruption in their operations that lasted more than three (3) days. On September 27, 2024, the company detected that threat actors gained unauthorized access to their network and systems between September 20 to 22, 2024. This data breach impacted several customers' information, including names, contact information (such as phone numbers, email and postal addresses), dates of birth, Social Security numbers, copies of identification documents, bank account numbers, MoneyGram Plus Rewards numbers, transactional data, and some criminal investigation information. As per Moneygram, the investigation for this breach is still ongoing.
-
Oct 08, 2024
Over 2.3M Records for Sale: Villar Group hit by Massive Data Breach conducted by DeathNote Hackers
The vigilante hacker group "DeathNote Hackers" has reportedly breached the Villar Group of Companies. The group claims to have accessed 11 million records containing information about transactions, employees, and clients of the Villar conglomerate but has partially released 2.3 million records, including customer names, contact numbers, addresses, emails, bank details, company names, payslips, employee information, passwords, and production files. The breach is said to have affected various Villar-owned brands, such as: Camella, Lumina Homes, Brittany Corporation, Golden Haven, MGS Construction, PAVI, Vista Land and Lifescapes, Starmall, Bria Homes, AllBank, AllHome, Kratos ResInc
-
Oct 06, 2024
Alleged Mossad Database Offered for Sale on 'BreachForums'
A database allegedly containing confidential documents related to the 'Mossad' has been offered for sale on the cybercrime forum 'BreachForums' by a threat actor named 'LordZeroDay.' The samples provided by the threat actor include names, phone numbers, city of residence, and more.
-
Oct 04, 2024
Widespread E-commerce Websites Compromised Due to Critical CosmicSting Vulnerability
Allegedly, 5% of all Adobe Commerce and Magento stores were compromised due to CVE-2024-34102 (also known as a Magecart attack) since its catalog in mid-July 2024. E-commerce sites that were not patched resulted in the potential silent exfiltration of payment card information to threat actors’ command and control (C2) servers. Combined with other vulnerabilities such as CVE-2024-2961 threat actors can also initiate remote code execution (RCE) and install back-door access to servers for persistence access.
-
Oct 04, 2024
Toyota Bicutan Philippines Breach by Ikaruz Red Team
Following the recent attacks on other Toyota branches in the Philippines, another branch got breached - this time by Ikaruz Red Team. The breach was discovered on September 27, 2024, after the threat group posted the breach information in BreachForums. The breached data mainly contain sensitive customer data, including names, vehicle details, service repair information, and billing/transaction data.
-
Oct 04, 2024
Ransomware Attack on Azpired
Azpired is an outsourcing service center with a number of locations in the Philippines, three offices in Cebu and Cagayan De Oro City. On September 18, 2024, it was discovered that Azpired got hit by a ransomware attack conducted by Medusa Ransomware group. The breach exposed ~200GB worth of sensitive employees and clients data that has already been leaked in several underground forums and channels. The exposed data mainly contains the following: - Employees PIIs, such as identification documents, contact information, and financial records. - Clients PIIs and financial transaction data As of this writing, Azpired still hasn't released any official statement regarding the ransomware attack.
-
Oct 02, 2024
Sportstech - Breach - 2024-09-30
In September 2024, the threat actor "grep" leaked the Sportstech database on a darknet forum following a data breach affecting the German fitness brand. The breach involved the personal information of 44,248 individuals, including names, email addresses, phone numbers, zip codes, countries, states, and registration dates.
-
Oct 02, 2024
-
Sep 26, 2024
Breached database of MD Diamonds And Jewellers is leaked on BF
In a post on Breached Forums, a threat actor named grep shares the breached database of the UK company MD Diamonds And Jewellers. According to the post, the breach occurred in September 2024, and the database he shares contains 2 million lines of contacts, private messages between customers and their data, certificates, and other internal data. A sample of the data is attached to the post. In the post, the TA attributes the attack to himself.
-
Sep 26, 2024
RDP access to a Swedish company in the industrial sector is for sale
A threat actor named "dashoar" is selling unauthorized RDP access to a Swedish company in the industrial machinery and equipment sector for a negotiable price. According to the claim, the targeted company generates an annual revenue of $9.7 billion.
-
Sep 25, 2024
Mexico 130K Lines Combolist exposed
The threat actor "CobraEgyLeaks, posted on the cybercrime forum known as "BreachForums," an EMAIL:PASS (Username and Password) combo list with over 130K lines. According to the file, the emails are related to multiple government, educational, and private companies from Mexico. Anyone with access to this information could potentially try to brute force into specific websites, putting at risk to the users and relevant companies.
-
Sep 24, 2024
-
Sep 23, 2024
Tiendup e-commerce platform Data breach
The threat actor **888** offered on the cyber crime forum "BreachForums" a potential Database of the e-commerce for digital businesses "TiendUp". According to the threat actor, the file contains more than 47K rows of Order information as well over 300K unique emails. The compromised data includes: First Name, Last Name, Email Address, Phone Number, Date Created, Currency, Total Amount, Promo Code, Payment Status, Payment Method, Delivery Status, Quantity, Price, etc.
-
Sep 22, 2024
People's CyberArmy and Liquid Blood have announced alliance
In a Telegram post by People's CyberArmy (Russian- Народная CyberАрмия) they announce: "Today we have entered into an alliance with a young but extremely promising team- Liquid Blood. We hope for long and fruitful cooperation." Both are pro-Russian hacktivist groups.
-
Sep 22, 2024
NoName and Liquid Blood have announced a new alliance.
On their Telegram channel they posted- "The enemy is not slumbering - that's why we must build up our collective cyber fist to fight back the banderites and other evil!" Both of the groups are known for their pro-Russian activities; they have recently been targeting Ukraine, Taiwan, Sweden, France, the UK, South Korea, Australia, and Kenya.
-
Sep 22, 2024
Email data for the Ministry of Justice of Ukraine offered for sale
A post by the threat actor i2ptard on onniforums offers access to an email data belonging to Ukraine's Ministry of Justice (mail.minjust.gov.ua). The seller claims the email follows a specific format based on location and department codes and includes a significant number of files, such as Word documents (docx), PDFs, and some database files (mdb). The account is offered for sale at 1 Monero (XMR), with the TA willing to use escrow for the transaction and provide proof of access by sending an email from the compromised account.
-
Sep 20, 2024
Alleged Breach on Personal Data of 28 Million Philippine Passport Holders
The Department of Foreign Affairs (DFA) in the Philippines revealed that the personal data of 28 million passport holders may be compromised due to the national printing office's failure to implement sufficient cybersecurity protections. This issue came to light during a Senate hearing, raising concerns about the security of sensitive information. The DFA is now working to address these vulnerabilities to protect the data of passport holders moving forward.
-
Sep 20, 2024
Government Service Insurance System (GSIS) Breach by DeathNote Hackers
On September 12, 2024, DeathNote Hackers revealed that they breached the Government Service Insurance System (GSIS), accessing its system using an administrator account without detection. They manipulated modules and apps, pointing out that the IT department failed to notice any red flags. This highlights serious vulnerabilities in GSIS's security and monitoring systems. The hackers warned that if this had been a malicious attack, the damage could have been significant. They emphasized the importance of addressing these security gaps to prevent future exploitation, especially from more dangerous actors. The incident calls for an urgent review of GSIS's cybersecurity defenses.
-
Sep 19, 2024
'Handala' Claims Breach of Israeli Producer of Industrial Batteries 'IIB'
The hacker group 'Handala' claims to have breached 'IIB' (Israeli Industrial Batteries), a producer of industrial batteries, as part of their OPIsrael campaign. According to the group, they obtained 6 TB of sensitive data, including emails, financial and administrative documents, design files, and more, though no samples have been provided yet.
-
Sep 19, 2024
'Handala' Claims Breach of Israeli Defense and Space Manufacturer 'Vidisco X-ray'
The hacker group 'Handala' claims to have breached the Israeli defense and space manufacturer 'Vidisco X-ray,' which they allege collaborates with the Israeli Ministry of Defense, as part of their OPIsrael campaign. According to the group, they obtained 10 GB of confidential company information, including design and development documents. They have also released samples of the purportedly breached data.
-
Sep 18, 2024
Database of Velez Sarsfield Club members for sale
The threat actor MimiChan is offering for sale on the cyber crime forums know as "BreachForums" a database of over 180K members of the Football club Club Atletico Velez Sarsfield. According to the threat actor, the database includes personal information such as member status, ID, alias, full name, address, phone, CUIT, Picture, etc. A sample with a potential proof of access was also shown. No specific selling price was posted.
-
Sep 18, 2024
A Threat Actor Claims To Have Breached Fortune 500 Company Bharat Petroleum
On September 3, 2024, the threat actor "Sorb" claimed to have breached Bharat Petroleum, a service for purchasing and delivering bottled gas. According to the threat actor, the dataset comprises 592 CSV tables totaling 143 gigabytes, with the main orders table containing 148 million rows, including 21 million unique entries. The compromised data includes personal information such as phone numbers, names, delivery addresses, and additional details related to delivery, payment, and order lists. The data is being offered for $1,500.
-
Sep 17, 2024
Threat Actor Claims To Have Breached Temu And To Have Stolen 87 million Records
On September 16, 2024, the threat actor "Aerodactyl" announced that a database from the company Temu is up for sale. According to the threat actor, this database, which was accessed via a subdomain contains over 87 million lines of data. The sample provided includes various personal details such as names, addresses, phone numbers, and more.
-
Sep 17, 2024
Threat Actors Claim To Have Breached Taiwan's Biggest Telecommunications Company - Chunghwa Telecom
In September 2024, the threat actors "303" and "N1k7" claimed to have breached Chunghwa Telecom, a Taiwan-based Telecommunications company, and to have gained access to its database. According to the threat actor, 400GB of data belonging to Chunghwa Telecom's customers, including sensitive information and documents, was taken.
-
Sep 16, 2024
Threat Actors Claim To Have Exfiltrated 80 GB Of Data Belonging To Caterpillar
In September 2024, the threat actor group ZeroSevenGroup claimed to have breached CAT (Caterpillar Inc.), alleging the theft and release of 80GB of data. This purportedly includes sensitive information such as projects, employee and customer details, financial records, engine and machinery designs, and email communications.
-
Sep 15, 2024
Database of Israeli Defense Companies Offered for Sale on a Cyber Crime Forum
The threat actor group “ZeroSevenGroup" offers for sale a database allegedly related to several Israeli companies from the defense sector. According to the group, the database contains confidential governmental information, such as contracts from secret meetings with governments and companies, reports on organizations purportedly tied to Israel, and sensitive data on diplomatic and military relations, defense technologies, airports, ports, etc. The database is priced at 200K XMR (Monero) and is allegedly being offered exclusively to seven entities: Hamas, Hezbollah, Houthis, the Iranian government, Kata'ib Hizballah, the Russian government, North Korean government, and Chinese government.
-
Sep 15, 2024
Threat Actors Claim Breach Of Turkish Defense Contractor Kale Savunma
On September 14, 2024, the threat actor group “ZeroSevenGroup” announced the sale of a comprehensive data dump from KALE SAVUNMA, a Turkish defense and space manufacturing company. The breach reportedly includes 70 GB of sensitive information, such as backups, database contents, project details, manufacturing designs, and personal data of employees, customers, and partners. Additional exposed data encompasses research, agreements, financial details, applications, photos, IDs, and system schematics. The leak also contains confidential data related to major Turkish defense companies including Aselsan, Havelsan, and Roketsan.
-
Sep 12, 2024
A Threat Actor claims to have breached Israeli-based Sacara
In September 2024, a threat actor named 888 claimed to have breached Sacara and to have gained access to its database. According to the threat actor, nearly 700 thousand rows of user data belonging to Sacara's customers were taken, including club codes, customer names, addresses, phone numbers, dates of birth, and email addresses.
-
Sep 12, 2024
IntelBroker Claims To Have Breached Rapid E-Suite, Stealing Entirety Of Its Source Code
In September 2024, a threat actor named intelbroker claimed to have breached Rapid E-Suite and to have gained access to its database. According to the threat actor, the entire source code, along with PDFs and hardcoded credentials belonging to rapidesuite's customers, was taken.
-
Sep 11, 2024
Database of 'Cultura' Offered for Sale on a Cyber Crime Forum
The French retailer Cultura fell victim to a data breach in which threat actors gained access to a portion of its customer information. The hacker, known as 'horrormar44,' claims to have obtained over 2 million records containing sensitive details such as email addresses, phone numbers, home addresses, and more. The threat actor has also provided samples of the stolen data, along with a Telegram contact for further inquiries.
-
Sep 11, 2024
Database of 'Truffaut' Offered for Sale on a Cyber Crime Forum
The French company 'Truffaut' has fallen victim to a data breach, where threat actors gained access to a portion of its customer information. The hacker, known as 'horrormar44', claims to have obtained over 270,000 records containing sensitive details such as email addresses, phone numbers, home addresses, and more. The threat actor has also provided samples of the stolen data and shared a Telegram contact for further inquiries.
-
Sep 10, 2024
Database of the Government of Godoy Cruz, Argentina exposed
The threat actor **GODHAND ** posted on the cybercrime forum, known as "BreachForums," a DataBase related to the "Obras Particulares of Godoy Cruz, Argentina government", mainly related to the Architecture, Construction, and Fire Prevention Plans. According to the threat actor, the information contains multiple plans from different private buildings with electrical, fire prevention, and architectural details, as well as JSON API responses containing emails and user details. Furthermore, They claim to have additional internal files and documents that can be negotiated via PM.
-
Sep 10, 2024
Metro Pacific Tollways Corporation's EasyTrip RFID Systems Breached by DeathNote Hackers
On September 07, 2024, the DeathNote Hackers announced via their official channels that they have breached Metro Pacific Tollways Corporation's (MPTC) EasyTrip RFID systems. Nearly 1 million (~972,848) EasyTrip records were impacted by this breach, including customers' reloading balances, pre-loaded toll accounts, reload transactions, toll card insertion logs, successful and invalid adjustment activities, API logs, OBUID Number,Exit Plaza Name , RFID Numbers, Support Numbers, TID, EPC, Plate Numbers, Account Numbers, Customer Names, Ref Numbers, Balance Amount, Email logs, Extension logs, General logs, Service Action logs, Mobile Request logs, Integration logs, Screen logs, Timer logs, Credentials, and Active Directory Configurations. As Philippine tollway corporations slowly migrate to 100% contactless payment and toll access using RFIDs, this data breach could highly impact EasyTrip customers. Threat actors could use exposed customers' data to conduct malicious campaigns and social engineering attacks.
-
Sep 09, 2024
Akira Ransomware Group exploited SonicWall SSLVPN access control flaw in their attacks
SonicWall has issued a warning that a recently patched access control vulnerability, tracked as CVE-2024-40766, is potentially being exploited in the wild. It urges administrators to apply the necessary updates immediately. The flaw, with a critical CVSS score of 9.3, affects SonicWall Firewall Gen 5, Gen 6, and Gen 7 devices. It allows unauthorized access to resources and potentially crashes the firewall, thus compromising network protections. Initially disclosed in August 2024, the flaw was believed to impact only SonicOS management access, but SonicWall has since confirmed that it also affects the firewall’s SSLVPN feature. The company advises administrators to limit firewall management to trusted sources, restrict SSLVPN access, and implement multi-factor authentication (MFA). Reports suggest that the Akira ransomware group is among the attackers exploiting this vulnerability. SonicWall emphasizes the importance of applying patches promptly to protect against these ongoing threats.
-
Sep 09, 2024
New Android SpyAgent Malware Steal Crypto Wallet Recovery Keys
Android users in South Korea have become the target of a new malware campaign distributing a threat called SpyAgent. This malware, according to McAfee Labs, scans devices for images containing mnemonic keys, which are recovery phrases used to access cryptocurrency wallets. The campaign has expanded beyond South Korea, now affecting users in the U.K. as well. SpyAgent spreads through fake Android apps disguised as legitimate banking, government, streaming, and utility apps, with over 280 such apps detected this year. Users are tricked into downloading the malware via SMS messages containing links to APK files hosted on deceptive websites. Once installed, SpyAgent requests intrusive permissions to access sensitive data like contacts, photos, SMS messages, and other device information. The malware’s key feature is its use of optical character recognition (OCR) to steal mnemonic keys, potentially giving attackers access to victims' cryptocurrency wallets. McAfee Labs also discovered significant security lapses in the malware's command-and-control (C2) infrastructure, including an exposed server hosting victim data and an admin panel for remotely controlling infected devices. Moreover, the malware has shifted its communication method from HTTP to WebSocket connections, making it harder to detect by traditional network monitoring tools.
-
Sep 08, 2024
ASD3312 - Tourism Authority of Thailand - 06-09-2024
On September 6th, a threat actor named "ASD3312" posted regarding a data breach on Breachforums targeting "Polri" - The Tourism Authority of Thailand. The breach contains personal information of Tourism Authority of Thailand customers such as Name, Phone Number, Address, Destination, Planned Duration, Accommodation and more
-
Sep 08, 2024
Everest Ransomware Group has allegedly attacked Mitsubishi Chemical Group - 2024-08-31
Everest Ransomware group has claimed to have attacked Mitsubishi Chemical Group, a chemical manufacturing company based in Tokyo, Japan. The group claims to have gained access to 6TB of organizational data and offers it for sale.
-
Sep 08, 2024
EagleCyber--74 - Polri (Indonesian National Police) - 05-09-2024
On September 5th, a threat actor named "EagleCyber--74" posted regarding a data breach on Breachforums targeting "Polri" - The Indonesian National Police. The breach contains personal information of Polri employees, including ID numbers, rank, first and last names, position, unit, address, phone number, and more.
-
Sep 08, 2024
Database of VK is offered for sale
The threat actor Hikkl-Chan is offering the DB for download on Breached Forums. VKontakte (VK), one of Russia's largest social networking platforms, suffered a significant data breach, exposing personal information belonging to hundreds of millions of users. The leaked data includes user IDs, names, surnames, gender, profile images, countries, and cities. The database, containing 390,425,718 records, is available in a 27.66GB uncompressed file (7.04GB compressed).
-
Sep 08, 2024
Pro-Russian Hacktivist Group CyberVolk Claims Infiltration of Elmi Elettromeccanica
The pro-Russian hacktivist group CyberVolk has claimed responsibility for an alleged infiltration of Elmi Elettromeccanica, an Italian company. In a recent post, the group stated that they had "examined" the company's systems, describing the results as “usual.” The message, shared on their Telegram channel, included a link to the company’s website and was tagged with hashtags like #OpItaly and #Global, suggesting a continued focus on Italian targets.
-
Sep 05, 2024
City of Makati - Under Cyber-Attack by "wypoondevx"
This week, the City of Makati, Philippines experienced multiple cyber-attacks conducted by a threat actor - wypoondevx. The breaches occurred in different sectors within Makati City, namely - Makati Government (makati.gov.ph), Makati Medical Center, and University of Makati. The threat actor is quite new in the Philippine Threat Landscape who started conducting cyber-attacks in May 2024, following the recent April Lulz campaign. He initially used the alias "executivedevx" and later on changed to "wypoondevx." As observed from his nefarious activities, he mainly targets organizations located in Makati City. In June 2024, he attacked Toyota Makati Philippines (TMP) which exposed sensitive customer information.
-
Sep 03, 2024
The Comeback of Philippines Exodus Security (PHEDSS) Gang
In June 2024, a Philippine threat group — Philippines Exodus Security — announced its end of operation. They were behind the Denial-of-Service attacks targeting local banks and government organizations during the "April Lulz 2024" campaign in the Philippines. On September 01, 2024, their Botnet known as "Exodus," is back online. Their comeback was announced on their official Telegram channel, and they started by attacking the Presidential Communications Office (pco.gov.ph). One of their administrators — Ghost Exodus PH (a.k.a. GhostXPH) — has mentioned that new configurations were added to their Botnet tool, namely: Rossetta_SKY, Volcano_V3, and ZMB_POWER.
