National Oil Ethiopia PLC Suffers Major Data Breach National Oil Ethiopia PLC (NOC) reportedly suffered a major data breach and ransomware attack after a threat actor detailed an eight-step intrusion on a hacker forum. The attacker says they exploited an Exchange ProxyLogon vulnerability to escalate privileges, disable Kaspersky, compromise Veeam backups, deploy ransomware, and exfiltrate four databases including an...

National Oil Ethiopia PLC hit by a major ransomware attack via Exchange ProxyLogon exploit. Attackers disabled Kaspersky, compromised Veeam backups, and stole 800GB ERP data across four databases. #NationalOilEthiopia #ProxyLogon #Ethiopia

Capacità covert cinesi: Silk Typhoon evoluto da Hafnium per spionaggio globale con exploit e tool offensivi.

#cina #evidenza #exploit #Hafnium #proxylogon #SilkTyphoon #zeroday
www.matricedigitale.it/2025/07/31/e...

US indicts Black Kingdom ransomware operator: technical analysis of ProxyLogon exploitation and law enforcement response The U.S. Department of Justice unsealed charges against Yemeni national Rami Khaled Ahmed (36) for deploying Black Kingdom ransomware via ProxyLogon exploits (CVE-2021-26855) against 1,500+ systems, including U.S. healthcare, education, and hospitality sectors. The attacks, occurring between March 2021 and June 2023, leveraged post-exploitation PowerShell commands to deploy web shells and download ransomware payloads. Technical […] The post US indicts Black Kingdom ransomware operator: technical analysis of ProxyLogon exploitation and law enforcement response first appeared on Secure Bulletin.

US indicts Black Kingdom ransomware operator: technical analysis of ProxyLogon exploitation and law enforcement response The U.S. Department of Justice unsealed charges against Yemeni national Rami Khaled Ahmed (36) for deploying Black Kingdom ransomware via ProxyLogon exploits (CVE-2021-26855) against 1,500+ systems, including U.S. healthcare, education, and hospitality sectors. The attacks, occurring between March 2021 and June 2023, leveraged post-exploitation PowerShell commands to deploy web shells and download ransomware payloads. Technical […] The post US indicts Black Kingdom ransomware operator: technical analysis of ProxyLogon exploitation and law enforcement response first appeared on Secure Bulletin.

Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East.

Eagerbee バックドアが中東の政府機関、ISP に展開される

Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs #BleepingComputer (Jan 6)

#Eagerbee #CrimsonPalace #CoughingDown #ProxyLogon #中東サイバー攻撃

Chinese APT40 hackers hijack SOHO routers to launch attacks An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espio...

Chinese #APT40 hackers hijack SOHO routers to launch attacks #CyberAttack #cybersecurity #ProxyLogon www.bleepingcomputer.com/news/securit...

"The combination of #Squirrelwaffle, #ProxyLogon, and #ProxyShell against #Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking." #ExchangeServer #phishing #SpearPhishing #Sophos #APT #CyberSecurity #EmailHijacking

Situation in DE
#Exchange
#server
Landscape #ProxyLogon

#NW

#ProxyLogon #Exchange