#GroupIB

Latest posts tagged with #GroupIB on Bluesky

Posts tagged #GroupIB

Bloody Wolf has used SocGholish, Rhadamanthys and Bloody RAT in global attacks since 2024, hitting Europe, Asia and South America with advanced techniques.

#BloodyRAT #BloodyWolf #GroupIB #Rhadamanthys #SocGholish
www.matricedigitale.it/2025/11/29/b...


ATMs in the crosshairs! Cybersecurity experts reveal an attack campaign against ATMs

📌 Link to the article: www.redhotcyber.com/post/ban...

#redhotcyber #news #cybersecurity #hacking #malware #raspberrypi #bancomat #intrusioni #unc2891 #groupib #banche #indonesia

Advanced Phishing Campaign Targets Customers of Major Italian Web Host Aruba S.p.A.

A sophisticated phishing campaign using Telegram bots is targeting Aruba S.p.A. customers to steal credentials and payment data, according to a new report.

Full breakdown:
www.technadu.com/advanced-phi...

💬 Have you seen similar Telegram-driven phishing operations? What trends are you noticing this year? Comment your opinion below.
#Aruba #CyberSecurity #GroupIB #PhishingAttack #Infosec #Italy #CredentialTheft #TelegramBots


Advanced phishing campaign hits Aruba S.p.A. users with CAPTCHA evasion, pre-filled emails, and Telegram bots for instant data exfiltration.

#Cybersecurity #Phishing #Aruba #GroupIB

Police Bust GXC Team, One of the Most Active Cybercrime Networks

🚔 Spanish police have busted the GXC Team, one of the most active cybercrime networks led by #GoogleXcoder, a 25-year-old Brazilian.

Read: hackread.com/police-bust-...

#Cybercrime #CyberSecurity #Infosec #GXC #GroupIB #Spain #Brazil

Major Phishing Network ‘GXC Team’ Dismantled, Network's Suspected Leader Arrested in Spain

Spain's Guardia Civil has dismantled a major phishing network, arresting the lead developer of credential theft kits and disrupting a widespread operation.

Full story: www.technadu.com/major-phishi...

Do you think international law enforcement collaboration is catching up fast enough with these CaaS operations? Let’s discuss.
#CyberSecurity #Phishing #CaaS #GXCteam #ThreatIntel #GuardiaCivil #GroupIB #TechNadu


Group-IB reveals ShadowSilk: advanced malware evolved from YoroTrooper that targets Asian governments with data exfiltration, stealthy persistence and abuse of Telegram.

#apt #Asiacentrale #esfiltrazionedati #GroupIB #malware #ShadowSilk #YoroTrooper
www.matricedigitale.it/2025/08/31/s...

Hackers Use 4G-Connected Raspberry Pi to Breach Bank’s ATM Network

A cybercriminal group has used a surprising method to infiltrate a bank’s internal systems, by planting a tiny Raspberry Pi computer inside the bank’s network. The attackers reportedly used the device to gain access to critical parts of the bank’s infrastructure, including systems that control ATM transactions.

The incident was reported by cybersecurity firm Group-IB, which called the approach “unprecedented.” The attackers managed to bypass all external cybersecurity defenses by physically placing the small computer inside the bank’s premises and connecting it to the same switch that handles ATM traffic. This gave them direct access to the bank’s internal communications. The Raspberry Pi was fitted with a 4G modem, which allowed the hackers to control it remotely over mobile networks, meaning they didn’t need to be anywhere near the bank while carrying out their attack.

The main target was the bank’s ATM switching server — a system responsible for processing ATM transactions, and its hardware security module (HSM), which stores sensitive information like encryption keys and passwords. By gaining access to these systems, the attackers hoped to manipulate transaction flows and extract funds undetected.

The hacking group behind the attack, known in cybersecurity circles as UNC2891, has been active since at least 2017. They are known for targeting financial institutions and using custom-built malware, especially on Linux, Unix, and Solaris systems. In this latest attack, the group also compromised a mail server within the bank to maintain long-term access. This mail server had continuous internet connectivity and acted as a bridge between the Raspberry Pi and the rest of the bank’s network. A monitoring server, which had access to most internal systems, was used to route communications between the devices.

During their investigation, Group-IB researchers noticed strange behavior from the monitoring server. It was sending signals every 10 minutes to unknown devices. Further analysis revealed two hidden endpoints, the planted Raspberry Pi and the compromised mail server.

The attackers had gone to great lengths to stay hidden. They disguised their malware by giving it the name “lightdm,” which is the name of a legitimate Linux display manager. They even mimicked normal command-line behavior to avoid raising suspicion during forensic reviews. To make detection harder, the hackers used a lesser-known technique called a Linux bind mount, typically used in system administration, but now added to the MITRE ATT&CK cybersecurity database under “T1564.013.” This allowed the malware to function like a rootkit — a type of software that hides its presence from both users and security tools.

This incident is your call to be hyperaware of how attackers are becoming more creative, blending physical access with advanced software tactics to infiltrate secure environments.

Hackers Use 4G-Connected Raspberry Pi to Breach Bank’s ATM Network #ATMHacking #Banks #GroupIB

#apt #advancedpersistenthreat #cti #cyberthreatintelligence
#incidentattribution #namingconvention #holisticnaming #mitre
#mandiant #crowdstrike #trendmicro #paloalto #recordedfuture #groupib
#fortinet #secureworks #google #microsoft #pyramidofpain
#pyramidofpain2.0


Blackhat MEA day one exceeded expectations.
#GroupIB #CTI #Fraud #Scams
