1663 matches found
Recent Lazarus campaign leveraged Crypto App to spread AppleJeus malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group threat actor was noticed employing fake cryptocurrency apps as a ruse to transmit a previously unidentified version of the AppleJeus malware masquerading as malicious Microsoft Office...
New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network
NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...
North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps
The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and...
North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor ... has a wide range of spying capabilities, including monitoring drives and portable...
Ducktail Malware Operation Evolves with New Malicious Capabilities
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook session...
Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emai...
Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Clou...
Threat Round up for November 11 to 18
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Nov. 11 and Nov. 18. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions
Today, most Network Detection and Response NDR solutions rely on traffic mirroring and Deep Packet Inspection DPI. Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this...
Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan
Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices,"...
Server-side attacks, C&C in public clouds and other MDR cases we observed
Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response MDR team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you t...
Fodcha DDoS Botnet Resurfaces with New Capabilities
The threat actor behind the Fodcha distributed denial-of-service DDoS botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target,...
Point-of-sale malware used to steal 167,000 credit cards
In the 19 months between February 2021 and September 2022, two point-of-sale POS malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...
What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script
While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control C2 script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automati...
Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used f...
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft...
CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool
CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages...
Hunting for Cobalt Strike: Mining and plotting for fun and profit
Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A previously undocumented command-and-control C2 framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology,...