Lucene search
K

11 matches found

The Hacker News
The Hacker News
added 2025/07/07 4:51 a.m.20 views

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan RAT called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/25 1:4 p.m.65 views

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/29 5:47 a.m.53 views

Gootkit Malware Continues to Evolve with New Components and Obfuscations

The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/13 7:18 a.m.35 views

Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology,...

7.4AI score
Exploits0
hivepro
hivepro
added 2022/10/10 7:18 a.m.9 views

Eternity Threat group is actively evolving its malware arsenal

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Eternity threat group also known as Eternity Team or Eternity Project, a Russian "Jester Group"-affiliated threat group, has been active since at least January 2022. Eternity uses a...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/26 10:33 a.m.42 views

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/15 10:14 a.m.33 views

Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks

A threat actor tracked under the moniker Webworm is taking advantage of bespoke variants of already existing Windows-based remote access trojans to fly under the radar, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older...

1.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/01/24 12:0 a.m.28 views

Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal

We investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat APT group, and discuss its use of CapraRAT, an Android RAT with clear similarities in design to the group’s favored Windows malware, Crimson RAT...

3.8AI score
Exploits0
Securelist
Securelist
added 2021/10/18 11:0 a.m.13 views

Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group also known as Hexane, which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/05/13 5:9 a.m.40 views

Transparent Tribe APT expands its Windows malware arsenal

By Asheer Malhotra, Justin Thattil and Kendall McKay. Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos' previous research has mainly linked this...

2.7AI score
Exploits0
FireEye
FireEye
added 2019/10/10 12:0 a.m.34 views

Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and...

7.9AI score
Exploits0References27
Rows per page
Query Builder