Weekly INK, Issue #151 - May 26, 2025
ConnectWise breached in cyberattack linked to nation-state hackers
Source: Bleeping Computer
IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers," ConnectWise shared in a brief advisory.
Infostealer Attackers Deploy AI-Generated Videos on TikTok
Source: Data Breach Today
A social engineering campaign that uses TikTok videos to trick users into installing information-stealing malware appears to rely on bulletproof servers hosted in Ukraine, say researchers. Trend Micro first detailed earlier this month the social-engineering campaign, involving TikTok videos likely generated using artificial intelligence tools, designed to make users install the Vidar and StealC infostealers.
Danabot Takedown Deals Blow to Russian Cybercrime
Source: Dark Reading
A multiyear investigation by a public-private partnership has resulted in the seizure of the Danabot botnet's US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise. Federal authorities, international law enforcement, and a slew of private organizations have collaborated in a multiyear effort to cripple Danabot, dealing a major blow not only to the notorious malware operation but also to the Russian government's use of cybercriminal proxies for state objectives.
NATO Countries Targeted By New Russian Espionage Group
Source: Info Risk Today
'Laundry Bear' has been active since 2024. Dutch intelligence agencies and Microsoft say a novel Russian state intelligence hacking group is likely buying stolen credentials from criminal marketplaces to gain entry to North American and European networks.
'Hazy Hawk' Cybercrime Gang Swoops In for Cloud Resources
Source: Dark Reading
Attackers have long exploited sloppy DNS configurations to hijack domain names and redirect users to shady sites for scams, malware distribution, and other malicious activities. Now, a threat actor tracked by Infoblox as "Hazy Hawk" is leveraging a different version of the attack vector to seize control of abandoned cloud resources, like S3 buckets and Azure endpoints, linked to prominent organizations.
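The DNS hygiene gap behind this item is a zone that still carries CNAME records pointing at cloud hostnames whose underlying resource was deleted. The following Python is an added defender-side example (not code from Infoblox, Dark Reading, or the Hazy Hawk research) that audits a zone's CNAME records for targets on reclaimable cloud hostnames. The suffix list, the sample zone and the resolver stub are all constructed for illustration; the real check would read your own zone export and use the default resolver.

```python
import socket
from typing import Callable, Iterable, List, Tuple

# Provider suffixes where a deleted resource's name can later be re-registered
# by anyone. Constructed list for illustration; extend it with the providers
# your organisation actually uses.
CLOUD_SUFFIXES = (
    ".s3.amazonaws.com",
    ".s3-website-us-east-1.amazonaws.com",
    ".azurewebsites.net",
    ".cloudapp.azure.com",
    ".trafficmanager.net",
    ".blob.core.windows.net",
)

# Suffixes served by a provider wildcard: the name resolves whether or not
# the bucket exists, so an NXDOMAIN check proves nothing there and the record
# must be verified against the account inventory instead.
WILDCARD_DNS_SUFFIXES = (
    ".s3.amazonaws.com",
    ".s3-website-us-east-1.amazonaws.com",
)

Record = Tuple[str, str, str]          # (owner name, type, rdata)
Finding = Tuple[str, str, str]         # (owner name, target, status)


def _normalise(hostname: str) -> str:
    return hostname.rstrip(".").lower()


def points_to_cloud(target: str) -> bool:
    """True when the CNAME target sits under a reclaimable cloud suffix."""
    t = _normalise(target)
    return any(t.endswith(s) for s in CLOUD_SUFFIXES)


def default_resolver(hostname: str) -> bool:
    """Live resolver: does the hostname currently resolve to an address?"""
    try:
        socket.gethostbyname(hostname)
        return True
    except socket.gaierror:
        return False


def find_dangling_cnames(records: Iterable[Record],
                         resolves: Callable[[str], bool] = default_resolver
                         ) -> List[Finding]:
    """Report CNAMEs to cloud hosts that no longer resolve ("dangling") or
    that cannot be judged by DNS alone ("verify")."""
    findings: List[Finding] = []
    for name, rtype, target in records:
        if rtype.upper() != "CNAME" or not points_to_cloud(target):
            continue
        t = _normalise(target)
        if any(t.endswith(s) for s in WILDCARD_DNS_SUFFIXES):
            # Resolution always succeeds here; confirm the bucket is yours.
            findings.append((name, target, "verify"))
        elif not resolves(t):
            findings.append((name, target, "dangling"))
    return findings


# Constructed sample zone export; none of these are real hosts.
SAMPLE_ZONE: List[Record] = [
    ("www.example.test", "A", "203.0.113.10"),
    ("assets.example.test", "CNAME", "old-assets-bucket.s3.amazonaws.com."),
    ("app.example.test", "CNAME", "legacy-app.azurewebsites.net."),
    ("docs.example.test", "CNAME", "docs-live.azurewebsites.net."),
    ("mail.example.test", "CNAME", "mail.partner.test."),
]

# Stub resolver so the audit runs offline: only these names "resolve".
LIVE_HOSTS = {"docs-live.azurewebsites.net", "mail.partner.test"}


def stub_resolver(hostname: str) -> bool:
    return hostname in LIVE_HOSTS


def audit_sample() -> List[Finding]:
    return find_dangling_cnames(SAMPLE_ZONE, stub_resolver)


if __name__ == "__main__":
    for owner, target, status in audit_sample():
        print(f"{status:9} {owner} -> {target}")
```

Each "dangling" hit is a record to delete or repoint before anyone else registers the target name; each "verify" hit is an S3-style name that must be checked against the account's bucket inventory, because the provider's wildcard DNS hides the deletion from a resolver.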