APT36 Targets Indian Government: Credential Theft Campaign Uncovered

Threat Score:

GB Hackers

19 hours ago

Part of cluster #1685

Overview

APT36 Targets Indian Government: Credential Theft Campaign Uncovered A sophisticated phishing campaign attributed with medium confidence to the Pakistan-linked APT36 group, also known as Transparent Tribe or Mythic Leopard, has been uncovered targeting Indian defense organizations and government entities. This operation employs typo-squatted domains that mimic official Indian government platforms, such as mail.mgovcloud.in and virtualeoffice.cloud, to deceive users into surrendering credentials....

Continue Reading on Original Site

5 articles

CISA Warns of D-Link Vulnerabilities Actively Exploited in Attacks

Cybersecurity News • 5 hours ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert, adding three vulnerabilities affecting D-Link devices to its Known Exploited Vulnerabilities (KEV) Catalog. The inclusion of these flaws in the catalog signifies that they are being actively exploited by malicious cyber actors in real-world attacks, posing a significant threat to networks. The […]

Score

SonicWall firewalls hit by active mass exploitation of suspected zero-day

CyberScoop • 8 hours ago

20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

Score

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 17 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

Risky Bulletin: Russia's war on foreign software continues

Risky • 6 hours ago

Brought to you bytines The smart, secure workflow builder Show notes Risky Bulletin: Russia to designate ERPs as "critical information infrastructure"

Score

SonicWall Probes Potential Zero-Day After Ransomware Hits

Data Breach Today UK • 11 hours ago

Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say Researchers SonicWall said it is probing a surge in attacks against its Gen 7 firewalls, running various firmware versions, which have SSL VPN enabled. Researchers said attackers may have been exploiting a zero-day vulnerability and that multiple victims have been infected with Akira ransomware.

Score

IP ADDRESSES

37.221.64.202

99.83.175.80

DOMAINS

Cisco.com

mail.mgovcloud.in

virtualeoffice.cloud

ATTACK TYPES

Credential Theft

Phishing

Social Engineering

Typosquatting

INDUSTRIES

Aerospace

Education

Government

COUNTRIES

India

Pakistan

VULNERABILITIES

DDoS

DoS

COMPANIES

AMD

Adobe

Amazon

Apple

Cisco

SECURITY VENDORS

Cloudflare

PLATFORMS

AWS

Android

Apache

Azure

IIS

APT GROUPS

APT36

Operation C-Major

RANSOMWARE

AnDROid

Korean

One

Rapid

Zlader

MITRE ATT&CK

Phishing

Phishing for Information

Process Discovery

System Owner/User Discovery

T1003

MALWARE

Dark

IP ADDRESSES

99.83.175.80

37.221.64.202

DOMAINS

virtualeoffice.cloud

Cisco.com

mail.mgovcloud.in

ARTICLE INFORMATION

Article #8715

Published 19 hours ago

GB Hackers

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

CISA Warns of D-Link Vulnerabilities Actively Exploited in Attacks

SonicWall firewalls hit by active mass exploitation of suspected zero-day

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Risky Bulletin: Russia's war on foreign software continues

SonicWall Probes Potential Zero-Day After Ransomware Hits

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies