1667 matches found
Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here APT35 aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...
Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware
A China-based advanced persistent threat APT known as Mustang Panda has been linked to an ongoing cyber espionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its...
New Variant of Chinese Gimmick Malware Targeting macOS Users
Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new...
8 Tips for Securing Networks When Time Is Scarce
"At this particular mobile army hospital, we're not concerned with the ultimate reconstruction of the patient. We only care about getting the kid out of here alive enough for someone else to put on the fine touches. We work fast and we're not dainty, because a lot of these kids who can stand 2...
New Backdoor Targets French Entities via Open-Source Package Installer
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attribute...
South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau
Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean...
New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's...
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things IoT devices as a go-between for establishing communications with the command-and-control C2 servers. "By using MikroTik routers as proxy server...
Cyclops Blink Sets Sights on Asus Routers
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control C&C servers of the Cyclops Blink botnet...
Suspected DarkHotel APT Activity Update
Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers
The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...
Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign
Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative JCDC—uncovers an advanced persistent threat APT campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...
Cyclops Blink malware: US and UK authorities issue alert
According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group...
PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans
Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and ...
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
There’s a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It’s using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report. Though its name may soun...
BlackCat Ransomware group attacks on the rise
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Blackcat Ransomware gang also known as ALPHV has targeted around 25 organizations belonging to multiple sectors globally since November 2021. The group has claimed responsibility for the recent cyber attack on Swissport...