#passwordspraying

2025-06-12

TeamFiltration was built to safeguard systems, but now it's fueling attacks on over 80,000 accounts. How did a trusted tool flip sides and empower hackers? Discover the twist behind this dual-use dilemma.

thedefendopsdiaries.com/the-du

#teamfiltration
#cybersecurity
#cyberattacks
#penetrationtesting
#passwordspraying

Digitale Overheid (automated account) digitaleoverheid.nl@www.digitaleoverheid.nl
2025-06-04

Learn from Laundry Bear: tips for digital resilience

On 27 May 2025, the AIVD and MIVD issued a joint warning about the Russian cyber group Laundry Bear. This group was behind the hack of the Dutch police in September 2024, in which the work-related contact details of all officers were stolen. The publication covers how the group operates and how to protect your organisation against such attacks.

Laundry Bear has been carrying out targeted cyberattacks on Western governments and organisations since 2024. Their focus is on government, defence, defence suppliers, civil society organisations and digital service providers.

The group uses well-known attack methods, such as password spraying, abuse of session cookies and Living-off-the-Land techniques (making use of existing software within a system).

Tips from the AIVD and MIVD

The AIVD and MIVD advise organisations in these sectors, and beyond, to strengthen their digital resilience. Key recommendations are:

  • Use phishing-resistant multi-factor authentication (MFA);
  • Set access rules based on IP addresses and devices;
  • Limit the use of session cookies;
  • Manage all devices centrally. Avoid Bring Your Own Device (BYOD);
  • Train employees in digital security;
  • Apply the NCSC's 5 basic principles.

Read more about the publication. Also see the 5 basic principles on the NCSC website.

This is an automatically posted message. Questions or comments can be directed to @DigitaleOverheid@social.overheid.nl

#bringYourOwnDevice #cyberaanvallen #cybergroep #cybersecurity #LivingOffLandTechnieken #nieuwsbrief102025 #passwordspraying #phishing #sessiecookies #weerbaarheid

Fingers on a keyboard, with a hologram of a padlock across the keyboard
2025-02-24

🚨 A botnet of 130,000 hacked devices is launching a massive Password-Spraying attack on Microsoft 365 and bypassing MFA 🔓⚠️

Read: hackread.com/botnet-devices-mi

#CyberSecurity #Microsoft365 #PasswordSpraying #Botnet

ITF Tech Ltd ITF_TECH
2024-11-16

Ever heard of 'password spraying'? No? It's where scammers try to gain access to all your accounts using a common password. Protect your business with strong, unique passwords and two-factor authentication.

techtarget.com/whatis/definiti

2024-04-02

Researchers from HUMAN’s Satori Threat Intelligence discovered a significant number of VPN apps on Android phones that, without users' knowledge, turned their devices into criminal proxies as part of a campaign named PROXYLIB. Cybercriminals and state actors use proxies to hide their activities, making it harder for them to be caught. They found 28 apps on Google Play that did this, including 17 free VPNs, which have since been removed. The apps used a shared code library, PROXYLIB, to enroll devices into the criminal network. HUMAN also found hundreds of apps in third-party repositories that appeared to use the LumiApps toolkit, a Software Development Kit (SDK) which can be used to load PROXYLIB. They also tied PROXYLIB to another platform that specializes in selling access to proxy nodes, called Asocks.

Residential proxies are a network of proxy servers sourced from real IP addresses provided by internet service providers (ISPs), helping users hide their actual IP addresses by routing their internet traffic through an intermediary server. The anonymity benefits aside, they are ripe for abuse by threat actors to not only obfuscate their origins but also to conduct a wide range of attacks. Many threat actors purchase access to these networks to facilitate their operations. Some of these networks can be created by malware operators tricking unsuspecting users into installing bogus apps that essentially corral the devices into a botnet that's then monetized for profit by selling the access to other customers.

The Android VPN apps discovered by HUMAN are designed to establish contact with a remote server, enroll the infected device to the network, and process any request from the proxy network. This operation has been codenamed PROXYLIB by the company. The 29 apps in question have since been removed by Google. The anonymity benefits of residential proxies allow threat actors to not only hide their origins but also to conduct a wide range of attacks, including advertising fraud, password spraying, and credential stuffing attacks.

humansecurity.com/learn/blog/s

#cybersecurity #android #malware #vpn #proxylib #google #googleplay #apps #lumiapps #sdk #proxy #asocks #network #server #passwordspraying #humansecurity #satori #threatintelligence

Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2024-02-28

#Russia's #CozyBear (#APT29) dives into cloud environments with a new bag of tricks
One of the ways Cozy Bear breaks into victims' cloud services is via #bruteforce and #passwordspraying attacks aimed at getting access to accounts used to manage apps and services, and to those belonging to users who no longer work at the victim org – in other words, which aren't regularly monitored by a human. Additionally, #Kremlin's spies frequently use tokens to access accounts
theregister.com/2024/02/27/rus

securityskeptic securityskeptic@infosec.exchange
2024-01-22

Among the many articles reporting that Russian hackers accessed Microsoft Execs' Emails, I found this explanation of #passwordspraying - the alleged access method - usefully clear and concise:

"The company in its regulatory disclosure said attackers had executed a password spraying attack in late November and gained access to "a legacy non-production test tenant account." Password spraying is a technique in which hackers enter the same password guess into a number of accounts in an attempt to avoid account lockout by betting that at least one user uses a previously leaked password or has one that is easy to guess."

databreachtoday.com/microsoft-

@securityincidents "(...)gained access to a test account (#Testkonto). Via the far-reaching permissions (#Berechtigungen) of this account(...)"

Note: test accounts are not toys either.

But what actually is #PasswordSpraying? A fancy term for trial and error?

2020-11-24

Post-Breach, Peatix Data Reportedly Found on Instagram, Telegram - Events application Peatix this week disclosed a data breach, after user account information report... threatpost.com/breach-peatix-d #credentialstuffing #passwordspraying #useraccountdata #phishingattack #websecurity #databreach #stolendata #instagram #telegram #breach #peatix #hacks

2020-09-11

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins - The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targe... threatpost.com/apt28-theft-off #2020presidentialelection #credentialharvesting #passwordspraying #cloudsecurity #bruteforcing #websecurity #government #fancybear #microsoft #office365 #strontium #russia #sofacy #hacks #apt28

2020-01-12

Been hearing a lot about this in the security news, and now it seems as though it's been taken up a notch. #iran #passwordspraying #usa #security #cyberwarfare

Iranian hackers have been “password spraying” the US grid | Ars Technica
arstechnica.com/information-te
