New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one...

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

The ubiquity of GitHub in information technology IT environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows...

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic or AMOS, indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Threat actors operating under the name Anonymous Arabic have released a remote access trojan RAT called Silver RAT that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an...

RansomwareSim - A Simulated Ransomware

Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

Organizations in the Defense Industrial Base DIB sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach...

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led t...

CVE-2023-50987

creationtimestamp| type| source ---|---|--- 2023-12-20 23:42:31+00:00| seen| https://t.me/ctinow/157391 2023-12-22 23:17:03+00:00| seen| https://t.me/ctinow/158656 2024-01-14 07:41:23+00:00| seen| https://t.me/ctinow/167948...

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control C...

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord ...

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat...

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans RATs on compromised hosts. Cisco Talos is tracking...

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to...

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often...

N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack. "This malicious file is a...

Mustang Panda Targets Philippines Government Using Legitimate Software

Summary: Mustang Panda, a threat actor associated with China, has been implicated in a cyber attack targeting a government entity in the Philippines. The attackers employed a strategy of using legitimate software, such as Solid PDF Creator and SmadavProtect an antivirus solution based in Indonesi...

Atomic Stealer distributed to Mac users via fake browser updates

Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious ads were tricking victims into downloading this piece of malware under the disguise of a popular application. In an interesting new development, AMOS is now being delivered to Mac...

The Continued Evolution of the DarkGate Malware-as-a-Service

The Continued Evolution of the DarkGate Malware-as-a-Service By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023 On September 2023, the Trellix Security Operations Center SOC successfully detected and stopped an attack against Musarubra, the holding...

The Continued Evolution of the DarkGate Malware-as-a-Service

The Continued Evolution of the DarkGate Malware-as-a-Service By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023 On September 2023, the Trellix Security Operations Center SOC successfully detected and stopped an attack against Musarubra, the holding...