www.secnews.physaphae.fr

This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.

2024-06-09T22:36:32+00:00 www.secnews.physaphae.fr

RiskIQ - cyber risk firms (now microsoft)
Russian Influence efforts converge on 2024 Paris Olympics Games
2024-06-03T12:56:15+00:00 https://community.riskiq.com/article/eb5f1088 www.secnews.physaphae.fr/article.php?IdArticle=8512412 False Hack,Tool,Threat,Legislation,Medical None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Weekly OSINT Highlights, 28 May 2024
2024-05-28T17:37:40+00:00 https://community.riskiq.com/article/eb5e10a2 www.secnews.physaphae.fr/article.php?IdArticle=8508725 False Ransomware,Malware,Hack,Tool,Threat APT 34 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Ikaruz Red Team Hacktivist Group Leverages Ransomware for Attention Not Profit

#### Targeted Geolocations
- Philippines

## Snapshot
Ikaruz Red Team, a hacktivist group, has been observed leveraging leaked ransomware builders to conduct attacks against Philippine targets.

## Description
The group has been actively distributing modified LockBit 3 ransomware payloads and advertising data leaks from a variety of organizations in the Philippines. The group's ransom notes use the original LockBit template almost entirely intact with the exception of the top line, where the LockBit ransomware name is replaced by 'Ikaruz Red Team'. The group has co-opted imagery and branding developed by the Philippines' Department of Information and Communications Technology (DICT) and CERT-PH as part of a Hack4Gov challenge.
Ikaruz Red Team is neither a participant in nor affiliated with the official HACK4GOV challenges in any way. The group claims affiliation or alignment with other hacktivist groups, in particular Anka Red Team, Anka Underground Team, and Turk Hack Team. Politically-motivated attacks targeting the Philippines have been on the rise, especially in the last year. Individual actors like Ikaruz Red Team aligning themselves with previously known groups such as Turk Hack Team and PHEDS are becoming increasingly destructive in their actions.

## References
["Ikaruz Red Team | Hacktivist Group Leverages Ransomware for Attention Not Profit"](https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/) SentinelOne (Accessed 2024-05-22)

2024-05-22T19:32:35+00:00 https://community.riskiq.com/article/624f5ce1 www.secnews.physaphae.fr/article.php?IdArticle=8504993 False Ransomware,Hack None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2)

## Snapshot
The AhnLab Security Intelligence Center (ASEC) has identified a concerning trend where threat actors are exploiting YouTube channels to distribute Infostealers, specifically Vidar and LummaC2.

## Description
Rather than creating new channels, the attackers are hijacking existing, popular channels with hundreds of thousands of subscribers. The malware is disguised as cracked versions of legitimate software, and the attackers use YouTube's video descriptions and comments to distribute the malicious links. The Vidar malware, for example, is disguised as an installer for Adobe software, and it communicates with its command and control (C&C) server via Telegram and Steam Community. Similarly, LummaC2 is distributed under the guise of cracked commercial software and is designed to steal account credentials and cryptocurrency wallet files.
The threat actors' method of infiltrating well-known YouTube channels with a large subscriber base raises concerns about the potential reach and impact of the distributed malware. The disguised malware is often compressed with password protection to evade detection by security solutions. It is crucial for users to exercise caution when downloading software from unofficial sources and to ensure that their security software is up to date to prevent malware infections.

## References
[https://asec.ahnlab.com/en/63980/](https://asec.ahnlab.com/en/63980/)

2024-04-09T19:48:57+00:00 https://community.riskiq.com/article/e9f5e219 www.secnews.physaphae.fr/article.php?IdArticle=8478894 False Malware,Hack,Threat,Prediction,Commercial None 3.0000000000000000