bb491248bb8f6067af39e196b11f4e408a7a3885704cadbd4266db52ae4b03e2
Agenda_Meeting 26 Sep Brussels\.zip #china #apt
e53bc08e60af1a1672a18b242f714486ead62164dda66f32c64ddc11ffe3f0df
c2 racineupci\.org
#ThreatIntel - CN-nexus #RedNovember (aka TAG-100, overlap w/ Storm-2077) targeting multiple sectors worldwide, incl. in the EU (🇩🇪, 🇵🇹, 🇳🇱) by targeting edge devices (VPNs, firewalls, load balancers, virtualization infrastructure, email servers).
www.recordedfuture.com/research/red...
#ThreatIntel - DPRK-nexus #FamousChollima (aka DPRK IT workers) observed seeking jobs across multiple sectors, incl. 50% in the IT sector worldwide, with activity reported in the U.S. and in other countries (27% of targeted countries reportedly outside the U.S.)
www.okta.com/newsroom/art...
Meta says it will appeal a ruling by a Dutch court, which ordered the company to change the way its recommendation feeds work or face steep fines therecord.media/dutch-court-...
🚨 DDoS Alert 🚨
NoName claims to have targeted multiple websites in Denmark.
- Danish State Railways
- Trafikselskabet Movia
- Odense Kommune
🚨 DDoS Alert 🇷🇴
NoName claims to have targeted multiple websites in Romania
- Tim Rail Cargo SRL
- Autoritatea Feroviară Română
#ThreatIntel - ENISA Threat Landscape 2025 🇪🇺
1️⃣ Phishing remains primary initial intrusion vector
2️⃣ Increased targeted cyber dependencies
3️⃣ Targeting of mobile devices
4️⃣ Threat groups converging
5️⃣ Predictable use of AI
www.enisa.europa.eu/publications...
September 2025 cyberattack on Collins Aerospace disrupted major European airports, highlighting critical aviation cybersecurity risks and supply chain vulnerabilities.
#ThreatIntel #EU - ToxicPanda Android banking trojan seen deployed in 🇵🇹 and 🇪🇸
www.bitsight.com/blog/toxicpa...
🚨 DDoS Alert🚨
Z-PENTEST ALLIANCE claims to have targeted the website of European Defence Agency 🇧🇪.
NB: The site is down at the moment.
🚨 DDoS Alert🚨
Z-ALLIANCE claims to have targeted the website of GMV
(gmv.com) 🇪🇸
NB: The site is up and active.
#ThreatIntel Turla intrusion seen leveraging AiTM to target Moscow-based foreign embassies between 2024 and February 2025 www.microsoft.com/en-us/securi...
🚨 Alert: New Hacktivist Alliance 🚨
NoName and Electronic Army Special Forces have officially announced a new alliance. They have recently been targeting Netherlands, Ukraine, Germany, Vietnam, Cambodia and the UK.
#ThreatIntel - Following the targeting of an Italian journalist w/ Paragon #spyware, a Dutch right-wing activist was reportedly notified of a spyware infection by Apple 🇮🇹 🇳🇱 techcrunch.com/2025/04/30/a...
BREAKING: another journalist targeted with spyware in #Italy.
Colleague of known Paragon target.
Time for transparency from the Italian government.
They are an admitted Paragon user. Logs Paragon deployments keep should give a quick answer: was it them?
Story [IT]
www.fanpage.it/politica/il-...
#ThreatIntel - FR MFA 🇫🇷 attributes APT28 (aka Fancy Bear, Forest Blizzard) to RU www.diplomatie.gouv.fr/fr/dossiers-...
#ThreatIntel - Volexity recently observed RU-nexus threat actors conducting spearphishing campaigns. UTA0307 was notably impersonating a member of the European Parliament belonging to the Committee on Foreign Affairs. Read more 👇
#ThreatIntel - subgroup of RU-nexus GRU affiliated Sandworm observed conducting initial access near-global campaign "BadPilot". 19 EU Member States targeted www.microsoft.com/en-us/securi...
#ThreatIntel - Paragon's spyware Graphite reportedly targeting civil society by exploiting a WhatsApp vulnerability. Victimo notably includes an IT journalist 🇮🇹 www.theguardian.com/technology/2...
#ThreatIntel - CERT-EU's January 2025 Cyber briefing is out 🇪🇺 😊 cert.europa.eu/publications...
#ThreatIntel - The #Europol coordinated operation « Talent » led by DE 🇩🇪 authorities & involving law enforcement from 8 countries (incl. 🇫🇷, 🇮🇹, 🇬🇷, 🇷🇴, 🇪🇸) took down the Cracked and Nulled cybercrime platforms www.europol.europa.eu/media-press/...
#ThreatIntel - New report by Google on the leveraging of Shadowpad (aka ScatteredBrain) since 2022, associated with CN-nexus #APT41. Victimo includes SE and NL cloud.google.com/blog/topics/...
New: We've uncovered over 100 websites set up by a group known as Storm-1516. After the US elections the Russian influence operation has set its sights on Germany's federal elections. Some of these sites have already been used to attack German politicians. correctiv.org/faktencheck/...
🚨 DDoS Alert 🚨
Mr Hamza claims to have targeted the website of German Federal ministry of defense.
NB: The site is up and active now.
#Germany
#cyberattack #infosec #threatintel
#ThreatIntel - Over the weekend, DK car dealer Jan Nygaard listed on #dragonforce DLS, RO clothing manufacturer Bigotti and FR food packaging cie Nutripack listed on #safepay DLS, and FR platform DataSociete listed on #killsec DLS www.ransomfeed.it
#ThreatIntel - @falconfeedsio.bsky.social monthly report on ransomware attacks and DDoS carried out against Europe www.linkedin.com/feed/update/...
#ThreatIntel - PL Minister of Digital Affairs declared having identified an ongoing information operation targeting the country's electoral process in the context of the Presidential elections (May 2025). This campaign would be associated with RU military intel www.polsatnews.pl/wiadomosc/20...
Part II - Gravy Analytics reported the breach to NO authorities. Hackers reportedly gained access to the company AWS environment through a “misappropriated access key.” Hacked data reportedly appears to have originated in 1000+ apps, incl. Tinder, Grindr, Candy Crush therecord.media/location-dat...
#ThreatIntel - NL Eindhoven University victim of a cyberattack. Nature and extent of the attack unknown, no sign of stolen data, investigation ongoing. While lectures have been cancelled today, limited impact expected. Update to be expected on Tuesday.