Tymoteusz Góral

📢 🇵🇱Poland's Pegasus Spyware Investigation The National Prosecutor's Office announced the seizure of Pegasus spyware systems from a state institution in Warsaw. Prosecutors are investigating the "functionality and broad legality" of Pegasus. 🕵️‍♂️🔍 This move follows a national scandal where the previous government allegedly used Pegasus to monitor opposition politicians. Devices were secured at the Central Anti-Corruption Bureau, and documents from various security agencies are under review. 📝🔍 The investigation, launched in March, focuses on who purchased Pegasus for Polish authorities between 2017 and 2022. 🕵️‍♂️💼 The spyware produced by Israeli companies poses a great risk to all actors in the political and bureaucratic political sphere outside the countries of the region. Full Story : https://lnkd.in/eGEwX7gC #Poland #Pegasus #Spyware #AntiCorruption #Security #Investigation

27

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This version is loaded directly from the registry into memory and uses a loopback address to communicate with its loader," security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura noted. RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-motivational operations such as ransomware, extortion, and targeted credential gathering since its emergence in 2022. It's been assessed that the operational tempo of their attacks has increased in recent months with an aim to set up long-term persistence on compromised networks and exfiltrate data, suggesting a clear espionage agenda. To that end, the threat actor is said to be "aggressively expanding their tooling and infrastructure to support a wide variety of malware components authored in diverse languages and platforms" such as C++ (ShadyHammock), Rust (DustyHammock), Go (GLUEEGG), and Lua (DROPCLUE). The attack chains start with a spear-phishing message that delivers a downloader -- either coded in C++ (MeltingClaw) or Rust (RustyClaw) -- which serves to deploy the ShadyHammock and DustyHammock backdoors, respectively. In parallel, a decoy document is displayed to the recipient to maintain the ruse. While DustyHammock is engineered to contact a command-and-control (C2) server, run arbitrary commands, and download files from the server, ShadyHammock acts as a launchpad for SingleCamper as well as listening for incoming commands. Despite's ShadyHammock additional features, it's believed that it's a predecessor to DustyHammock, given the fact that the latter was observed in attacks as recently as September 2024. SingleCamper, the latest version of RomCom RAT, is responsible for a wide range of post-compromise activities, which entail downloading the PuTTY's Plink tool to establish remote tunnels with adversary-controlled infrastructure, network reconnaissance, lateral movement, user and system discovery, and data exfiltration. "This specific series of attacks, targeting high profile Ukrainian entities, is likely meant to serve UAT-5647's two-pronged strategy in a staged manner – establish long-term access and exfiltrate data for as long as possible to support espionage motives, and then potentially pivot to ransomware deployment to disrupt and likely financially gain from the compromise," the researchers said. Source: TheHackerNews

5

🚨 Threat Campaign Alert - NGate Android Malware Targets Czech Bank Clients with Novel NFC Relay Attack🚨 Summary: : A crimeware campaign has been uncovered targeting clients of three Czech banks using a novel NFC relay attack technique via the NGate Android malware, allowing attackers to withdraw money from victims' bank accounts. The malware is spread through phishing and social engineering tactics, and can relay data from victims' payment cards to the attacker's device. Threat Actor/Group: Not mentioned Malware: NGate Android malware Targeted Countries: Czech Republic Targeted Industries: Banking Specific Applications or CVE Targeted: Android Impact: Unauthorized ATM withdrawals, Financial theft, Data compromise IOC: IP 91.222.136[.]153, 104.21.7[.]213, 172.187.98[.]211, 185.104.45[.]51, 185.181.165[.]124 Domain raiffeisen-cz[.]eu, client.nfcpay.workers[.]dev, app.mobil-csob-cz[.]eu, nfc.cryptomaker[.]info SHA1 7225ED2CBA9CB6C038D8615A47423E45522A9AD1, 66DE1E0A2E9A421DD16BD54B371558C93E59874F, DA84BC78FF2117DDBFDCBA4E5C4E3666EEA2013E, E7AE59CD44204461EDBDDF292D36EEED38C83696, 103D78A180EB973B9FFC289E9C53425D29A77229, 11BE9715BE9B41B1C8527C9256F0010E26534FDB MITRE ATT&CK TTP IDs:  T1660 (Phishing),T1417.002 (Input Capture: GUI Input Capture),T1426 (System Information Discovery),T1437.001 (Application Layer Protocol: Web Protocols),T1509 (Non-Standard Port),T1644 (Out of Band Data) Reference: This writing is based on Research Advisory Report published by ‘welivesecurity' Team. ------------------------------------------------------------------------------------------ 🚀Join us on our mission to secure the digital world and make cyber defense affordable to everyone! 🌐 Follow "CyberXTron Technologies" for the timely, relevant and actionable cyber threat insights.  #NGate #AndroidMalware #NFCRelay #BankingFraud #MobileThreats #Phishing #ThreatIntel #InfoSec #ThreatIntelligence #cyberXTron #uncovertheunknown🛡️🔒

2

Over 500 people targeted by Pegasus spyware in Poland, officials say. Why it matters: 1. Extensive Surveillance Exposed: Nearly 578 Polish citizens were targeted with Pegasus spyware between 2017 and 2022, revealing the scale of surveillance undertaken by the government. This powerful tool, sold by Israel's NSO Group, is typically reserved for tracking criminals and conducting foreign intelligence but has been misused to spy on politicians, activists, and journalists, challenging ethical norms and legal boundaries. 2. Political and Electoral Implications: The revelation that the largest number of infections occurred in 2021 underscores concerns about the use of such spyware during politically sensitive periods, such as election seasons. The targeting of opposition figures and the implications for Poland's democratic processes have sparked significant controversy, especially regarding the fairness of the 2019 elections. 3. Calls for Accountability: The current investigation into the unauthorized deployment of Pegasus by former and current government officials highlights a broader push for accountability in the use of surveillance technologies. With Poland's efforts being some of the most extensive in the EU, the outcome could set a precedent for how democracies manage and regulate the use of spyware against their citizens. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/dqdeMcgw

2

🚨Threat Campaign Alert - UAC-0099 Targets Ukrainian Government with Espionage Campaign Using WinRAR Exploit (CVE-2023-38831) and LONEPAGE Malware🚨 Summary: The UAC-0099 threat group has targeted Ukrainian government organizations with phishing emails exploiting WinRAR vulnerability (CVE-2023-38831) and deploying LONEPAGE malware for espionage. Attackers adapted their tactics, using encrypted files and .NET programs to execute PowerShell payloads. Threat Actor/Threat Group: UAC-0099 Malware: LONEPAGE Targeted Countries: Ukraine Targeted Industries: Government,forestry, forensic examination institutions, factories Targeted Applications/CVE: WinRAR vulnerability CVE-2023-38831 Impact: Espionage, data breach, device compromise IOC: Ip Addr and Domain 45[.]61.157.118, newyorktlimes[.]life, webappapiservice[.]life, 160[.]119.251.83, 172[.]86.117.53, captcha-challenge[.]com, URL's hXXps://captcha-challenge[.]com/message/getsecretnumber, hXXps://captcha-challenge[.]com/message/[0-9]{20}/message[0-9]+/, hXXps://captcha-challenge[.]com/message/message[0-9]+, hXXps://newyorktlimes[.]life/api/values/uid, SHA-256 6161be2016a1fd8096b6b43544eb5df97cd3fa73a820b5e0a44618389897d733, 16f809cd9fb1a06f07bb947ea8b6a27f66cfca0947e29666c34ae7b35b6e471b, d4eafc11cd0e4fe417c59db804ca6e8bd8bf9c0d0886627f15165937fcb68395, eb08f96acba2b316408f66ef0c4f45a42eb207e43c605476405324726e97f9e3, 7a0ae128961a6239a2e10059305bb83fa64251bb3f0b44162ec6efdde10fd1e8, 5441cb26f32a433b0abd80dfa98a3a30c78df00ca9d2a0cfc5b20c55f3aaadce, 025b9bdd156b59b18ab08921572501b6386ae45e8c0c0440855a719ae4b4c24a, fbc4fbb3c2926300ee820ff7044f35231c2a1aeeb74d1f49a6caaec7736739c6, 88b64a3eb0dc38e3f8288b977b1cd67af7d4ba959297ac48ef5f06bec3e77560, 8cc89a917ed89a8407aa1e5caa4af585f26946124cf1764e3b178261a27177af, fa331a275d2f966f42a6168f1cb6fdb919d272b32175985c8bf383f2d800ced2, 0af76e87614126042a2c3409d273d606a4562f99cb9f003a9f9ec0596213a35a, 0aaee2882e4a71b25de5722d8936c67d40355e2f79caf994c8e10164468d3272, 0b16ee402ad04a673d61af43f461d475d1e3fcbdaf8714a1183ac35056bbae25, 53f4e38d56946a385a681c66d891d3d70c2b2fee1691ff7e7af317955e0d8b88, 322de3a4e1d356a7db22d6447807bd7576f91ed1910a57d9e8eb6f678ceb6ab4, 4a42bfc95772e2f6ae58ccb37fe74b5e810f6c2973ec7a70e09884e1fe97e794, Mitre ttp: T1193 (Spearphishing Attachment),T1203 (Exploitation for Client Execution),T1059.001 (PowerShell),T1027 (Obfuscated Files or Information),T1573 (Encrypted Channel) Reference: This writing is based on Research Advisory Report published by ‘CERT UA' Team. ------------------------------------------------------------------------------------------ 🚀Join us on our mission to secure the digital world and make cyber defense affordable to everyone! 🌐 Follow "CyberXTron Technologies" for the timely, relevant and actionable cyber threat insights.  Espionage #UAC0099 #LONEPAGE #WinRARExploit #CVE_2023_38831 #CyberAttack #ThreatIntelligence #cyberXTron #uncovertheunknown🛡️🔒

6

Ukrainian police identify suspected affiliate of Conti, LockBit groups. Why it matters: 1. The identification of a hacker involved with the infamous Conti and LockBit ransomware gangs is significant, as these groups have disrupted numerous businesses worldwide. Their specialties in cryptors make malware detection difficult. 2. Ongoing investigations might yield deeper insights into the ransomware network and figure out other affiliated persons, potentially impacting international cybersecurity defense strategies. 3. The fact that this individual allegedly sold encryption services to Russia-linked ransomware gangs underscores the growing complexity and international nature of cybercriminal networks. It also raises concerns regarding the reach of these corrupt networks in global cybercrime. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/e_zP5NDv

3

Dot-dash.... data Wrapping up at MSPO 2024, the defence conference in Kielce, Poland. A crisp presentation from Jakub Rumian on how the sector can best exploit data-driven technologies and more effectively use information regarding its assets for operational and business advantage. #MSPO24 #connecteddata #assetmanagement #digitaltransformation #Maximo

31

If you are looking for a private detective or want to investigate on target person or searching for important information, then "Congrace!" You are at the right place. I can help you in that. I am an OSINT Expert with 4 years of experiences in this field. I have a lot of experiences in different types of online investigation. At first you need to know what is OSINT process in online investigation? OSINT is an online investigation legal process. In this investigation, we will find out the information which is publicly available on internet and investigate on them to reach our target destination. It's a very powerful process. Nowadays, everyone use internet, when we use internet, we left some footprint on there. And we are not aware of them. Which is publicly available. My job is to find the footprint and investigate on them. What is included in my service- Personal Profile Discovery Social Networks Photos and videos background check IP tracking Information gathering Why choice me- A lot of experience in this field Provide 100% accurate report Fast delivery 24/7h support If you want to place an order, please contact me before placing the order. Thanks. https://lnkd.in/gyfM_WTk https://lnkd.in/gbktpWYY

1

Maksim Silnikau, accused of leading international cybercrime operations, has been extradited from Poland to the U.S. to face charges. Silnikau allegedly ran a multi-year "malvertising" campaign, spreading malware through fraudulent online ads, and developed ransomware such as Reveton and Ransom Cartel, which extorted U.S. businesses. - From 2013 to 2022, he and his associates reportedly infected millions of devices, stole personal data, and demanded payments to prevent data leaks by the use of the Angler Exploit Kit, malvertising, and other online scams. - Between 2012 and 2014, Reveton extorted approximately $400,000/mth from victims. - Silnikau and his associates are also believed to have sold stolen data and ransomware tools on the dark net. This significant arrest was the result of collaborative efforts between U.S. federal agencies, Polish authorities, and international partners. Read more from the 'National Crime Agency': https://lnkd.in/efd8T4ce #Cybersecurity #InternationalLaw #JusticeDepartment #GlobalSecurity #News

7

The Cyber Security Training Centre of Excellence (CST CoE) of the Polish Ministry of Defence, in collaboration with the European Security and Defence College, hosted the “Cyber Range – Pentester Tools” course from 24-26 September 2024. Amid growing cyber threats across sectors reliant on Information and Communication Technologies, cybersecurity is a critical priority for global stability. To address this, the CST CoE and the ESDC developed this course as part of the ESDC’s Cyber Education, Training, Exercise, and Evaluation platform. 📌 For more information on this important joint activity of the CST CoE and the ESDC, please visit our website 👇 https://lnkd.in/eCBUcb7e Eksperckie Centrum Szkolenia Cyberbezpieczeństwa #ESDC #CyberSecurity #Cyber

22

📢 MEDIA MONDAY 📢 🌍 Operation Endgame: Ukrainian, Western security services bust international #hacking group 🌍 In a joint operation called "Endgame," Ukrainian, British, EU and American #lawenforcement agencies exposed a #hackinggroup that was breaking into the internal networks of well-known companies and then selling access to other #hackers, including Russian groups BlackBasta, Revil and Conti. “This is the largest ever operation against #botnets, which play a major role in the deployment of #ransomware,” Europol stated. https://hubs.li/Q02z35NQ0 🎨 Ransomware Group Claims Responsibility for Christie’s Hack 🎨 In a post on the #darkweb last Monday, the group #RansomHub claimed that it had gained access to #sensitiveinformation about the world’s wealthiest art collectors. Hackers said that Christie’s failed to pay a #ransom when one was demanded. “We attempted to come to a reasonable resolution with them but they ceased communication midway through,” the hackers wrote in their dark web post. “It is clear that if this information is posted they will incur heavy fines from #GDPR as well as ruining their reputation with their clients.” https://hubs.li/Q02z37yg0 🇰🇵 Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group 🇰🇵 A never-before-seen North Korean #threatactor codenamed #MoonstoneSleet has been attributed as behind #cyberattacks targeting individuals and organizations in the #software and #informationtechnology, #education, and #defense industrial base sectors with ransomware and bespoke #malware previously associated with the infamous #LazarusGroup. "Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ #trojanized versions of legitimate tools, create a #malicious game, and deliver a new #customransomware," the Microsoft Threat Intelligence team said in a new analysis. https://hubs.li/Q02z340F0 🖥️ Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack 🖥️ The MITRE Corporation has revealed that the #cyberattack targeting the not-for-profit company towards late December 2023 by exploiting #zerodayflaws in #IvantiConnectSecure (ICS) involved the #threat #actor creating rogue #virtualmachines (VMs) within its VMware environment. "As adversaries continue to evolve their tactics and techniques, it is imperative for organizations to remain vigilant and adaptive in defending against #cyberthreats," MITRE said. https://hubs.li/Q02z37TL0 #cybersecurity #vulnerabilitymanagement #nextgenvulnerabilitymanagement #riskmitigation #protectyourassets #cyber #security #zeroday #exploit #exploited #cybercriminal #cybercriminals

5

1 Comment

https://lnkd.in/e5fP-RZT https://lnkd.in/e5fP-RZT Why and how #ssi #wallet is differ from #crypto wallets

Poland has already had 80,000 cyber attacks in 2024. Are we ready for what is ahead? Poland, a key friend and trusted ally of Ukraine, has become the EU's most targeted state in russia's cyberwarfare campaign. In addition to hacking, there have been various disinformation and sabotage attempts and plans to influence the next Polish presidential election. Meanwhile, Poland is taking proactive measures to increase funding for #cybersecurity through the creation of a national coordination center, which is fortifying the country’s defenses. It is important to be prepared, have an action plan, and take all required steps to enhance defense methods immediately. Our FS Group team of cyber experts can assist you with this. What precautions should countries and #businesses take to protect themselves against #cyberthreats in this turbulent environment?

13