Belarus-linked Hackers Target Ukrainian Organizations with PicassoLoader Malware

GhostWriter, also known as UAC-0057, used PicassoLoader and Cobalt Strike Beacon to infect victims, including local government offices and groups associated with USAID’s Hoverla project.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

The vulnerabilities are as follows: CVE-2012-4792, a decade-old vulnerability in Internet Explorer allowing remote code execution, and CVE-2024-39891, an information disclosure flaw in Twilio Authy.

Possible APT28-linked Hackers Target Ukraine’s Scientific Institutions

Hackers believed to have ties to the Kremlin-backed group APT28, also known as Fancy Bear and BlueDelta, have targeted Ukraine's scientific institutions in a cyber-espionage campaign.

JPCERT/CC Warns of MirrorFace Attacks Against Japanese Organizations

Initially, the targets of MirrorFace were media, political organizations, think tanks, and universities, but by 2023, the focus shifted to manufacturers and research institutions.

Japan Warns of Attacks Linked to North Korean Kimsuky Hackers

The attacks were detected earlier this year, with indicators of compromise shared by AhnLab Security Intelligence Center. The attackers begin with phishing emails containing malicious attachments disguised as documents.

US Federal Agencies Warn Healthcare Sector of Payment Diversion Schemes

Federal authorities are warning about social engineering and phishing scams that target IT help desk workers and allow attackers to steal login credentials in order to access healthcare sector entities' IT systems.

CISA Report Finds Critical Open-Source Memory Safety Risks

CISA urges manufacturers to reduce memory safety vulnerabilities by ditching memory-unsafe languages, implementing secure coding practices, and adopting routine security testing measures.

Chinese FortiGate Espionage Campaign Infiltrated Over 20,000 Systems

According to the Dutch NCSC, before a patch was released, the threat actors compromised at least 14,000 targets, including governments, international organizations, and defense industry companies.

Ukraine Says Hackers Abuse SyncThing Tool to Steal Data

The attack utilizes the legitimate file-syncing software SyncThing in combination with malware called SPECTR. Vermin's apparent motive is to steal sensitive information from military organizations.

FBI Recovers 7,000 LockBit Keys, Encourages Victims to Come Forward

In the aftermath of the arrest of the ransomware group, the FBI is now urging LockBit victims to come forward to retrieve their encrypted data without fear of financial or legal consequences.
