US and Dutch authorities have seized 39 domains and servers linked to the HeartSender cybercrime group, based in Pakistan. This group, also known as Saim Raza and Manipulators Team, was known for selling hacking and fraud tools. The coordinated law enforcement operation aimed to disrupt the network’s activities, which had caused over $3 million in victim losses.
The HeartSender network had been active since at least 2020, providing malicious software and phishing toolkits to transnational organized crime groups. These tools were marketed as “fully undetectable” and were used for various cybercrimes, including business email compromise (BEC) attacks, identity theft, and credential harvesting. The seizure marks a significant step in combating cybercrime and protecting potential victims from financial losses.
Multiple critical vulnerabilities in Ivanti CSA have been actively exploited by Chinese state-sponsored actors, prompting warnings from CISA and the FBI. These vulnerabilities allow attackers to gain unauthorized access and execute arbitrary code. The agencies have released detailed technical information and indicators of compromise (IOCs) for network defenders. These exploits highlight the need for immediate patching and robust security measures, and demonstrate the speed at which attackers are weaponizing disclosed vulnerabilities.
The US Department of Justice, with the FBI, conducted a multi-month operation to remove the PlugX malware from over 4,200 infected computers in the United States. PlugX is a remote access trojan (RAT) widely used by threat actors associated with the People’s Republic of China. This action targeted the command and control infrastructure used by these actors to compromise systems, disrupting their ability to maintain persistent access and conduct further malicious activities on affected networks. The operation underscores the US government’s proactive efforts in combating state-sponsored cyber espionage activities, aiming to neutralize threats before they can be further leveraged for malicious purposes.
The FBI has issued a warning regarding a new HiatusRAT malware campaign which is targeting web cameras and DVRs, particularly those made by Chinese manufacturers. The attackers are exploiting weaknesses such as weak default passwords, and are using tools like Ingram and Medusa to gain unauthorized access. Once compromised, the devices are used as proxies and converted into covert communication channels. This campaign is targeting IoT devices in the US, Australia, Canada, New Zealand, and the UK. System administrators are urged to limit the use of the affected devices or isolate them from the rest of the network to prevent further exploitation.