Los Angeles Unified confirms student data stolen in Snowflake account hack
The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. [...]
Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.
For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.
The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. [...]
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor
CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access. The warning follows ongoing cyberattacks that have hit CDK, a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon. [...]
A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. [...]
The "Markopolo" threat actors built a convincing brand and Web presence for fake software to deliver the dangerous Atomic macOS stealer, among other malware, to carry out cryptocurrency heists.
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. [...]
The French cybersecurity agency has warned that Russian-aligned threat actor has been targeting public organizations for years
Notorious threat actor IntelBroker is claiming to have stolen data from Apple and AMD
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [...]
Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [...]
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.
Chinese Threat Actor 'Velvet Ant' Evaded Detection for Years in Victim NetworkA Chinese threat actor used state-sponsored techniques to carry out a cyberespionage campaign targeting a major organization's networks after exploiting legacy technology to gain multiple footholds across the enterprise infrastructure, researchers said in a Monday blog post.
AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. [...]
Threat actors were able to breach Blackbaud's systems and compromise sensitive data, largely because of the company's poor cybersecurity practices and lack of encrypted data, the AG said.
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer
Microsoft last year described the threat actor — known as UNC3944, Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus — as one of the most dangerous current adversaries.