Grandoreiro is a modular backdoor that supports the following capabilities: Keylogging Auto-Updation for newer versions and modules Web-Injects and restricting access to specific websites Command execution Manipulating windows Guiding the victim’s browser to a certain URL C2 Domain Generation via DGA (Domain Generation Algorithm) Imitating mouse and keyboard movements The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. The threat actors behind this campaign impersonate Mexican Government Officials, the malware uses multiple anti-analysis techniques along with implementation of Captcha for evading Sandboxes. Read more about it : here

Threat intelligence firm Recorded Future has identified several government entities in Latin America (LATAM) that have been affected by ransomware attacks, likely involving Russian or Russian-speaking hackers, beginning on or around April this year. “If unaddressed, ransomware attacks on local, provincial, or federal government entities in LATAM could constitute a credible national and geopolitical security risk,” Recorded Future said in a post this week. The firm observed at least four high-credibility ransomware gangs targeting LATAM government entities, including Conti, ALPHV, LockBit 2.0, and BlackByte. These incidents constitute a significant escalation in ransomware targeting. ]ec), Recorded Future said. Read more about it: here

The Fast Shop chain would have been the victim of a cybercriminal attack on Wednesday night (22). The blow would have hit internal infrastructure and technology systems, as well as the company's user data and corporate information; even sales platforms would have been impacted, with the company announcing the closure of stores and the suspension of e-commerce orders until early next week. Read more about it: here