Vault 33 | Cyber News & Intel
Vault 33 is your ultimate hub for cutting-edge cybersecurity insights, delivering expert analysis, detailed tutorials, research, and the latest updates in threat and vulnerability management.
Featured Posts

Intelligence from encrypted platforms such as Sky ECC and ANOM has facilitated the arrest of 232 individuals and the seizure of millions in assets. This marks a significant achievement in a European law enforcement operation targeting drug trafficking. Coordinated International Effort: A collaborative effort among international law enforcement agencies, known
The cryptocurrency sector is reeling from a massive cyberattack, allegedly orchestrated by North Korea, which resulted in the theft of $1.5 billion from the Dubai-based exchange, Bybit. This incident marks the largest digital asset heist in history, highlighting significant vulnerabilities within the industry. The Heist Unfolds: Bybit officials revealed

Recent cyberattacks have highlighted a vulnerability in Signal's device linking feature, allowing hackers to gain unauthorized access to user accounts. These attacks, primarily attributed to Russian-aligned threat actors, exploit the app's legitimate functionality to eavesdrop on communications. Exploitation of Signal's Device Linking: The attacks

A novel malware named FinalDraft has been identified leveraging Outlook email drafts for command-and-control (C2) communications. This sophisticated attack has targeted a government ministry in a South American nation, as discovered by Elastic Security Labs. Malware Attack Overview: The attack employs a comprehensive toolkit, including a custom malware loader called
Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Food and Drug Administration (FDA) have raised concerns about potential vulnerabilities in the CONTEC CMS8000 patient monitors. These alerts suggest the presence of a backdoor communicating with a Chinese IP address. However, upon investigation, it appears

The emergence of GeoSpy, an AI-powered tool, underscores the growing need for caution in online photo sharing. This innovative software swiftly determines a location through image analysis, presenting notable privacy and security concerns. GeoSpy's Capabilities and Development: GeoSpy, created by Graylark Technologies, employs artificial intelligence to identify locations
A significant breach of AT&T's network by the Chinese state-sponsored group, Salt Typhoon, has led to unauthorized access to sensitive U.S. telecommunications data. Active and undetected for over 18 months until 2023, the breach exposed critical communications metadata of FBI informants, potentially creating a crisis for
A Chinese cyber adversary known as UNC5337 has resumed its focus on uncovering vulnerabilities within Ivanti remote access devices, marking another chapter in a series of security challenges faced by the IT vendor. This latest threat leverages a critical remote code execution (RCE) vulnerability discovered in Ivanti’s products, reigniting
The United States has announced a reward of up to $5 million for information leading to the disruption of North Korean IT worker schemes. These operations involve illicit remote work practices that fuel the nation's prohibited missile programs. Involved Entities: Two companies, Yanbian Silverstar based in China and
In a groundbreaking discovery, researchers have identified "the first UEFI bootkit specifically engineered to target Linux systems". This represents a significant evolution in bootkit threats, which have historically concentrated on Windows environments. Innovative Threat: The UEFI bootkit is a sophisticated form of malware designed to integrate into the

Russian APT28 Hackers Exploit US Company Wi-Fi from Afar: In a remarkable demonstration of their capabilities, Russian cyber espionage group APT28, also known as Fancy Bear and linked to Russia's military intelligence agency GRU, successfully infiltrated a U.S. company's Wi-Fi network from a distant location.
Latest Posts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog by adding several critical vulnerabilities that are currently being exploited. These affect Zyxel, North Grid Proself, ProjectSend, and CyberPanel products. Identified Vulnerabilities: CVE-2024-51378: Rated with a CVSS score of 10.0, this

A cyber espionage campaign, potentially linked to a Chinese hacking group, infiltrated a prominent U.S. company earlier this year, compromising its systems for four months, according to a report by Symantec, a subsidiary of Broadcom. The attack, noticed initially on April 11, 2024, persisted until August, although experts speculate

A covert cyber threat group identified as Earth Minotaur is utilizing the MOONSHINE exploit toolkit in conjunction with a newly discovered backdoor dubbed DarkNimbus to conduct targeted surveillance activities against Tibetan and Uyghur communities. MOONSHINE Exploit Kit: Initially detected in September 2019 targeting the Tibetan community, MOONSHINE uses vulnerabilities in
A new threat has emerged: the DroidBot Android remote access trojan (RAT). Targeting 77 banks, cryptocurrency exchanges, and major organizations, this malware exemplifies the evolving strategies cybercriminals are employing today. Advanced Capabilities and Techniques: DroidBot stands out for its advanced features, as highlighted by Cleafy's cybersecurity experts Simone

Recently, the SmokeLoader malware has re-emerged, targeting key industries in Taiwan, including manufacturing, healthcare, and information technology. This latest threat highlights the malware's capacity to conduct complex attacks through its modular design. Fortinet FortiGuard Labs reports that SmokeLoader is exploiting its flexibility to execute attacks autonomously by downloading
A cybersecurity group aligned with North Korea, known as Kimsuky, has been identified in a series of sophisticated phishing attacks designed to steal user credentials. The method involves deploying emails that seemingly originate from Russian senders. Shift in Tactics: Initially utilizing Japanese and Korean email services, Kimsuky shifted in mid-September

A Moscow court has handed a life sentence to Stanislav Moiseyev, identified as the orchestrator of Hydra Market, a globally notorious dark web marketplace. The court also imposed a fine of four million roubles on him, while fifteen of his associates received prison terms ranging from 8 to 23 years,

Cisco has issued a new advisory concerning the active exploitation of a ten-year-old security flaw in its Adaptive Security Appliance (ASA) software. The vulnerability, identified as CVE-2014-2120, poses a potential risk for cross-site scripting (XSS) attacks through ASA's WebVPN. Vulnerability Overview: CVE-2014-2120, with a CVSS score of 4.
In a major step forward in the fight against cybercrime, INTERPOL's global initiative, Operation HAECHI V, has led to the arrest of over 5,500 cybercriminals and the recovery of more than $400 million in stolen funds. This operation, which spanned five months from July to November 2024,