National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. ThunderX is a relatively new ransomware that became active towards the end of August 2020.

On 9 August, QuoIntelligence disseminated a Warning to its government customers about a new APT28 (aka Sofacy, Sednit, Fancy Bear, STRONTIUM, etc.) campaign targeting government bodies of NATO members (or countries cooperating with NATO). In particular, we found a malicious file uploaded to VirusTotal, which ultimately drops a Zebrocy malware and communicates with a C2 in France. After our discovery, we reported the malicious C2 to the French law enforcement as part of our responsible disclosure process.

A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday.

icrosoft has confirmed that a bug in Windows 10 version 1607 and Windows Server 2016 is causing the Group Policy Editor to display errors.

In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks.

QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device’s data, and in some cases, steal files from the victim.

Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates.

A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack.