HijackLoader: a Deceptive Modular Malware Loader
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new malware loader, HijackLoader, is swiftly gaining prominence within the cybercriminal sphere, being leveraged to disseminate an array of malware strains, including DanaBot, SystemBC, and...
Agniane Stealer’s Cryptocurrency Quest
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Agniane Stealer, coded in C, operates as an information pilferer. It primarily focuses on extracting stored credentials from a wide array of sources, with a specific emphasis on targeting...
JanelaRAT Strikes at Latin American Financial Sector
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary JanelaRAT, a financial malware, is directed toward users in Latin America (LATAM) with the ability to seize sensitive data. This malicious software primarily focuses on gathering financial and cryptocurren...
Monti Ransomware’s New Linux Variant Enhanced Encryption
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Monti ransomware, resembling Conti, resurfaces after a break, targeting legal and government sectors. A new Linux variant diverges significantly, using distinct tactics for encryption and virtual machine...
Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DeliveryCheck, a .NET-based backdoor, targets Ukraine's defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...
Google Addresses High-Stakes Chrome Zero-Day Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google tackles Chrome's zero-day vulnerability CVE-2023-3079, which is related to a weakness in the Chrome V8 JavaScript engine. It poses a significant threat by allowing attackers to execute...
APT28’s Cyber Espionage Campaigns Targeting Ukraine
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The APT28 intrusion group, linked to the Russian GRU and renowned for its cyber espionage and sabotage endeavors, was observed employing various phishing methodologies to target the Ukrainian civic...
Daggerfly APT Deploys MgBot to Target African Telecoms Organization
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Daggerfly advanced persistent threat group has been observed using previously unseen plugins from the MgBot malware framework in a recent campaign. To receive real-time threat advisories, please foll...
Creal Stealer Preys on Cryptocurrency Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A phishing site that is impersonating a cryptocurrency mining platform is disseminating the new Creal Stealer. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Chilean government's Windows and Linux servers hit by RedAlert ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chilean Ministry of Interior asserted that a RedAlert ransomware (aka N13V) attack had disrupted the operations and online services of a government agency in the country. In classic double-extortion...
Chinese APT group targets financial institutions in the campaign “Operation Cache Panda”
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Chinese threat actor APT10 conducted a series of large-scale supply chain attacks that exclusively targeted the financial software systems of Taiwanese financial institutions from the end of November 2021 until the middle of...
Privilege escalation vulnerability in Citrix Workspace for Linux
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A local privilege escalation vulnerability could allow a local user to gain root privileges on the computer running Citrix Workspace app for Linux. This vulnerability (CVE-2022-21825) affects the Citrix Workspace app for Linu...
Critical vulnerabilities found in WordPress plugin affecting 400,000 sites
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Around 400,000 sites were affected by several critical vulnerabilities (CVE-2021-34621, CVE-2021-34622, CVE-2021-34623, CVE-2021-34624) discovered in ProfilePress, a WordPress plugin. The vulnerabilities are easily exploitable...
UNC5537 Targeting Snowflake Users for Data Theft and Extortion
...
Critical Flaw In Ivanti Standalone Sentry Leads To Remote Code Execution
Summary: Ivanti Standalone Sentry has been identified as vulnerable to a critical remote code execution flaw, tracked as CVE-2023-41724. Exploiting this vulnerability, a remote attacker could gain unauthorized access to the target system and execute arbitrary commands. Threat Level - Red |...
From Observer to Asuka – The Reinvention of Stealer
Summary: A malware-as-a-service (MaaS) called AsukaStealer, advertised on a Russian-language cybercrime forum by the alias breakcore, has surfaced. Priced at $80 per month, AsukaStealer is written in C++ and features customizable configurations and a user-friendly interface designed for harvesting...
Evasive Panda China-Linked Cyberespionage Targeting Tibetans
Summary: Evasive Panda, a threat actor associated with China, has masterminded an intricate cyberespionage campaign targeting Tibetan users since at least September 2023. This operation employs both watering hole and supply chain attacks to achieve its objectives. Threat Level - Red | Attack Repo...
AllaKore RAT’s Grip Tightens on Mexican Financial Institutions
Summary: A threat actor has been targeting Mexican banks and cryptocurrency trading since at least 2021. Using custom installers, the actor distributes a modified version of the AllaKore RAT, an open-source remote access tool. The campaign cleverly mimics the Mexican Social Security Institute IMS...
Scarred Manticore’s Middle Eastern Gambit
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Scarred Manticore, an actor associated with Iran's Ministry of Intelligence and Security (MOIS), has been conducting a highly sophisticated cyber espionage campaign with a strong focus on the Middle East...
CISA Known Exploited Vulnerability Catalog September 2023
For CISA's detailed KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
AtlasCross Exploits Organizations with DangerAds and AtlasAgent Trojans
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new threat actor by the name of AtlasCross has been identified employing phishing tactics that use Red Cross-themed lures as part of their attack strategy. These phishing campaigns are being used to...
STRRAT: a Java-Powered Versatile Remote Access Trojan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary STRRAT, a Java-based RAT, excels in utilizing a wide array of capabilities. Its latest version, STRRAT 1.6, is notable for employing diverse infection paths and conducting startup host queries to...
Kanti Ransomware Strikes Cryptocurrency Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kanti is a novel strain of ransomware that has been specifically designed to target cryptocurrency users. This sophisticated ransomware is cunningly crafted to infiltrate systems and encrypt files,...
Actors, Threats and Vulnerabilities 12 June to 18 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of seven attacks were executed, taking advantage of twenty different vulnerabilities in...
New LOBSHOT Malware Being Distributed Through Google Ads
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LOBSHOT is a new malware that is being distributed through Google Ads. It is a remote access trojan that can allow threat actors to take control of an infected Windows device's hidden desktop, execute...
Bitter APT Group Targets Chinese Energy Sector with New Phishing Campaign
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A new cyber espionage campaign by the South Asian threat group Bitter APT is targeting the energy sector in China. The campaign involves the use of social engineering tactics through phishing emails that...
Highly Sophisticated SCARLETEEL Cloud Attack That Stole Proprietary Data
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary The SCARLETEEL attack was a highly sophisticated cloud operation that involved the theft of proprietary data by exploiting a compromised Kubernetes container,...
Icarus: a Versatile Infostealer with Rootkit and hVNC Capabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Icarus Stealer malware is equipped with a hidden virtual network computing (hVNC) feature, which enables the attacker to generate a concealed desktop and traverse the compromised system without any...
Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a recent intrusion, a threat actor utilized AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected to be the culprit behind this attack. The initial compromise was initiated with a...
Infection and Evolution of the GOOTLOADER Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GOOTLOADER malware infects via malicious archive download, executing JavaScript and PowerShell, delivering FONELAUNCH, Cobalt Strike BEACON/SNOWCONE, with the latest variant writing JavaScript to disk an...
QNAP addresses a vulnerability in NAS devices
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL...
SideWinder APT group’s new arsenal named WarHawk
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The SideWinder APT gang operates espionage campaigns against government, military, and business sectors throughout Asia, primarily Pakistan, by employing the WarHawk backdoor to exfiltrate vulnerable syst...
Multiple vulnerabilities affect Mozilla Firefox and Firefox ESR
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Mozilla has issued two security advisories, which address 13 security issues in Firefox and Firefox ESR. Four of the thirteen have been rated as high, and some of these vulnerabilities, if successfully exploited, might all...
Attacks, Vulnerabilities and Actors 4 to 10 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of seven attacks were executed, four vulnerabilities were uncovered, and two active adversaries were...
Midnight Blizzard Exploiting Legacy OAuth for Lateral Movement
Summary: Midnight Blizzard exploited a legacy test OAuth application with elevated access due to a common password and lack of multi-factor authentication (MFA). The attackers leveraged this access to move laterally within Microsoft's network, potentially exfiltrating data and gaining broader contro...
Mirai Botnet’s Offspring InfectedSlurs Exploits Dual Zero-Days
Summary: A new Mirai-based malware botnet, InfectedSlurs, is actively conducting a sophisticated campaign by exploiting two zero-day remote code execution (RCE) vulnerabilities in routers and video recorder (NVR) devices. These vulnerabilities, currently being exploited in the wild, facilitate the...
Lazarus Group Orchestrates Supply Chain Attack on CyberLink Corp
Summary: The Lazarus Group (Labyrinth Chollima) orchestrated a supply chain attack on CyberLink Corp., manipulating a legitimate application installer to impact over 100 devices globally. The attack involves a second-stage payload, labeled LambLoad, communicating with compromised infrastructure and...
Microsoft’s November 2023 Patch Tuesday Addresses Five Zero-day Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the November Patch Tuesday release, Microsoft addressed a total of 63 CVEs, including three zero-day vulnerabilities. Within this range of vulnerabilities, the security update covered the typic...
BunnyLoader: The New Malware-as-a-Service Threat
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BunnyLoader is a Malware-as-a-Service threat, boasting advanced features like anti-sandbox techniques, keylogging, stealing data, cryptocurrency wallets, and remote command execution, posing risks to...
Fenix Botnet Preys on Mexico and Chile
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Fenix Botnet targets tax-paying individuals in Mexico and Chile, aiming to infiltrate specific networks and pilfer valuable data. To receive real-time threat advisories, please follow HiveForce Labs ...
New DBatLoader Malware Campaign Targets European Countries
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new malware campaign is using DBatLoader to target European businesses through phishing emails. The attackers use obfuscation techniques and various file formats to distribute the malware, including Remco...
Revamped Prometei Botnet Version Infects Over 10,000 Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Prometei v3 botnet, an upgraded version of the Prometei botnet malware, has compromised over 10,000 systems mining the Monero cryptocurrency. To receive real-time threat advisories, please follow...
New KamiKakaBot Malware Targeting Government Entities in ASEAN Countries
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary The new KamiKakaBot malware has been discovered targeting government entities in ASEAN countries, with the Dark Pink APT group believed to be behind the campaign...
Snip3 Crypter: an Advanced RAT Loader Targeting Multiple Industries
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary A multi-stage remote access trojan (RAT) loader called Snip3 crypter was recently discovered deploying RAT families, including QuasarRAT and DcRAT, to target victims...
TA866: New Financially-Motivated Threat Actor Targeting US and German Organizations
Threat Level Actor Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary A new financially motivated threat actor named TA866 has been active since October 2022 and targets organizations in the United States and Germany. The attack chain...
Actors, Threats and Vulnerabilities 6 February to 12 February 2023
For a detailed threat digest, download the pdf file here Summary Hive Pro identified three active actors over the past week. The first, OilRig, is a well-known threat actor known for its information theft and espionage activities. The secon...
Korean Word Processor Scam Alert: Orcus RAT Lurking in Cracked Versions
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. Intruders are attempting to deploy a variant of Orcus RAT along with XMRig...
Linux Malware Using SHC Compiler Installs CoinMiner and DDoS Bots
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new strain of Linux malware, developed using the Shc compiler, has been found to install a CoinMiner on infected systems. It is believed that this malware is being spread through dictionary attacks on...
New Ransomware Variants Created Using Leaked Conti Source Code
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The leaked source code of the Conti ransomware has been used to create new strains of the ransomware. These new strains, including Putin Team, ScareCrow, BlueSky, and Meow ransomware, are being distributed...
What can you do about the critical vulnerability in OpenSSL 3.0?
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary OpenSSL has a critical vulnerability that affects all the versions from 3.0 to 3.0.6. Due to the criticality of the vulnerability, OpenSSL has pre-announced the security update for security teams ...