2013, Hacking and Malware - Cyber Security Informer

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

MAY 26, 2024

UAC-0006 has been active since at least 2013. The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. ” read the advisory published by CERT-UA. . ” read the advisory published by CERT-UA.

Malware

Malware Banking Accountability Phishing

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. SecurityAffairs – hacking, Zloader). Zeus OpenSSL). Pierluigi Paganini.

Malware

Malware Banking Software Cybercrime

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

A Member of the FIN7 Hacking Gang Was Sentenced to Five Years in Jail

Heimadal Security

APRIL 8, 2022

A financial-motivated threat organization that has been active since 2013, FIN7 has targeted the retail, restaurant, and hospitality industries in the United States, often deploying point-of-sale malware to achieve its objectives. Combi Security, a front firm for FIN7, was used to administer a component of the organization.

Hacking

Hacking Retail Malware Cybersecurity

New Russia Malware targets firewall appliances

CyberSecurity Insiders

FEBRUARY 23, 2022

A new malware developed by Sandworm hacking group has targeted appliances that are fire walled and reports are in that the military intelligence of the Russian Federation developed the malicious software. Now some statistic facts about malware. billion malware attacks.

Firewall

Firewall Malware IoT Software

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. In 2013, U.S. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Hacking Encryption Penetration Testing

6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group

Security Affairs

OCTOBER 3, 2019

“For three years, Unit 42 has tracked a set of cyber espionage attack campaigns across Asia, which used a mix of publicly available and custom malware. The China-linked APT group has been active for at least six years, it used both custom-made and publicly available malware. Hackers targeted primarily the Uyghurs minority.

Malware

Malware Advertising Cybersecurity Hacking

Ke3chang hacking group adds new Ketrum malware to its arsenal

Security Affairs

MAY 28, 2020

The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. ” Back in 2013, the security researchers at FireEye spotted a group of China-Linked hackers that conducted an espionage campaign on foreign affairs ministries in Europe.

Hacking

Hacking Malware Advertising Government

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. “Later in the conspiracy, Fahd had the bribed employees install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan. ” Pierluigi Paganini.

Hacking

Hacking Malware Cybercrime Information Security

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

Palo Alto Networks Unit42 researchers believe that PGMiner can potentially be disruptive due to the popularity of the PostgreSQL, they warn that with additional effort, the malware could target all major operating systems. SecurityAffairs – hacking, PGminer). ” reads the analysis published by Palo Alto Networks Unit42.

Hacking

Hacking Cryptocurrency Authentication Passwords

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. The new malware appears to have been developed recently, but threat actors might have used Backdating, or timestomping to thwart analysis attempts (anti-forensics).

Malware

Malware Spyware Advertising Government

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. SecurityAffairs – APT, hacking). Pierluigi Paganini.

Malware

Malware Banking Advertising Encryption

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Security Affairs

NOVEMBER 23, 2023

The attackers used a malware-laced version of a legitimate CyberLink application installer that was signed using a valid certificate issued to CyberLink Corp. Microsoft has yet to identify “hands-on-keyboard activity” carried out by the attackers after the compromise via this malware.

Software

Software Malware Media Internet

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Security Affairs

MAY 19, 2024

The malware is a version of the GoBear backdoor which was delivered in a recent campaign by Kimsuky via Trojanized software installation packages. Kimsuky cyberespionage group (aka Springtail, ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013.

Software

Software Malware Government Banking

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. ” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

Hacking

Hacking Passwords Internet Internet

The Belgacom hack was the work of the UK GCHQ intelligence agency

Security Affairs

OCTOBER 28, 2018

Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency. Back to September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced its IT infrastructure had suffered a malware-based attack.

Hacking

Hacking Spyware Telecommunications Malware

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, SecurityAffairs – hacking, CVE-2020-1147). The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0

Hacking

Hacking Advertising Software Information Security

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The intrusions into the competitor’s systems took place repeatedly between 2013 and 2015. The intrusions into the competitor’s systems took place repeatedly between 2013 and 2015. Pierluigi Paganini.

Hacking

Hacking Passwords Accountability Cybercrime

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. “We have seen this module implemented in two different languages: C# and VBScript” The arsenal of the group includes also multiple malware, most of them downloaders and backdoors. Pierluigi Paganini.

Malware

Malware Phishing Advertising Government

2013 Target Breach Exposes Much More Than Data

SiteLock

AUGUST 27, 2021

Want to infect computers with data-stealing malware? Looking to hack into someone else’s website or steal their data? A date of birth costs just $11. That will cost you around $20 for 1,000 computers and $250 to infect 15,000 computers. Need someone to develop a Trojan to plant on those infected computers?

Data breaches

Data breaches Banking Identity Theft Accountability

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS

DNS Penetration Testing Malware Hacking

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

Launched in 2013, Microleaves is a service that allows customers to route their Internet traffic through PCs in virtually any country or city around the globe. The very first discussion thread started by the new user Microleaves on the forum BlackHatWorld in 2013 sought forum members who could help test and grow the proxy network.

Advertising

Advertising Software Computers and Electronics Internet

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. ” continues Microsoft.

Authentication

Authentication Malware Advertising Hacking

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware

Malware Phishing VPN Accountability

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach) The post Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack appeared first on Security Affairs.

Education

Education Data breaches Ransomware Hacking

Ten years old NSA backed Linux Backdoor Vulnerability detected now

CyberSecurity Insiders

MARCH 2, 2022

Dubbed as Bvp47 and linked to Equation Group-an NSA funded threat actor was first detected by anti-virus firm Virus Total in 2013. In the year 2013, Edward Snowden, a former employee of NSA, revealed some startling facts about the activities taking place inside the agency in the name of National Integrity.

Education

Education Malware Engineering Internet

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced malware piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year.

Malware

Malware Encryption Advertising Mobile

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 “To deliver its exploit, the malware first queries the target with a simple “GET” request. A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

The Mysterious Return of Years-Old APT1 Malware

WIRED Threat Level

OCTOBER 17, 2018

Security researchers have discovered a new instance code associated with APT1, a notorious Chinese hacking group that disappeared in 2013.

Malware

Malware Hacking

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. Guerrero-Saade discovered that the SIG37 campaign references hacking activities dated back as far as 2008 that was carried out by an unknown threat actor, the expert tracked it as Nazar.

Hacking

Hacking Advertising Malware Engineering

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Confucius is a pro-India APT group that has been active since 2013, it mainly focused on Pakistani and other South Asian targets. Since 2018, the hackers started targeting mobile users with an Android surveillance malware ChatSpy. The malware can download content from FTP shares and run arbitrary commands as root.

Spyware

Spyware Surveillance Malware Mobile

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. Weak passwords are the easiest way hackers can hack into a system. SecurityAffairs – hacking, data breaches).

Data breaches

Data breaches Passwords Social Engineering Encryption

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. SecurityAffairs – hacking, FIN7). Pierluigi Paganini.

System Administration

System Administration Penetration Testing Malware Banking

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization. In 2016 and 2017, the hacking group The Shadow Brokers l eaked a bunch of data allegedly stolen from the Equation Group, including many hacking tools and exploits.

Encryption

Encryption Hacking Government Engineering

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Security Affairs

JANUARY 1, 2022

Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013. SecurityAffairs – hacking, Y2k22).

Engineering

Engineering Malware Hacking Information Security

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Ltd. (????) and Zhu Yunmin (???),

Hacking

Hacking Technology Government Malware

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. The malware allows operators to retrieve phone identifiers and steal contacts, SMS messages, photos, and even location data. SecurityAffairs – hacking, Goontact). ” conclude the experts. .

Spyware

Spyware Mobile Surveillance Malware

North Korea-linked TA406 cyberespionage group activity in 2021

Security Affairs

NOVEMBER 19, 2021

The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. TA406 doesn’t usually employ malware in its campaigns, however, researchers tracked two campaigns that were attempting to distribute information-stealer malware. SecurityAffairs – hacking, North Korea). Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Government Education

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Malware

Malware Phishing Hacking Government

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020.” SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware

Ransomware Advertising Data collection Healthcare

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

ua,” the campaign aims at infecting the target systems with malware. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. SecurityAffairs – hacking, Armageddon). The phishing messages have been sent from “vadim_melnik88@i[.]ua,”

Phishing

Phishing Government Hacking Malware

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

This Service Helps Malware Authors Fix Flaws in their Code

Webinars

Trending Sources

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Webinars

A Member of the FIN7 Hacking Gang Was Sentenced to Five Years in Jail

New Russia Malware targets firewall appliances

Giving a Face to the Malware Proxy Service ‘Faceless’

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group

Ke3chang hacking group adds new Ketrum malware to its arsenal

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Meet the Administrators of the RSOCKS Proxy Botnet

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

North Korea-Linked APT Group Kimsuky spotted using new malware

North Korea-linked malware ATMDtrack infected ATMs in India

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Microsoft: Two New 0-Day Flaws in Exchange Server

The Belgacom hack was the work of the UK GCHQ intelligence agency

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Ticketmaster will pay $10 Million fine over hacking a competitor

Gamaredon group uses a new Outlook tool to spread malware

2013 Target Breach Exposes Much More Than Data

French Firms Rocked by Kasbah Hacker?

Breach Exposes Users of Microleaves Proxy Service

Microsoft recommends Exchange admins to disable the SMBv1 protocol

CERT-UA warns of an ongoing SmokeLoader campaign

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Ten years old NSA backed Linux Backdoor Vulnerability detected now

Attor malware was developed by one of the most sophisticated espionage groups

BotenaGo botnet targets millions of IoT devices using 33 exploits

The Mysterious Return of Years-Old APT1 Malware

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Experts spotted two Android spyware used by Indian APT Confucius

3 of the Worst Data Breaches in the World That Could Have Been Prevented

A member of the FIN7 group was sentenced to 10 years in prison

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Y2k22 bug in Microsoft Exchange causes failure in email delivery

US DoJ indicts four members of China-linked APT40 cyberespionage group

Sextortion campaign uses Goontact spyware to target Android and iOS users

North Korea-linked TA406 cyberespionage group activity in 2021

Russia-linked Gamaredon APT continues to target Ukraine

CIRWA Project tracks ransomware attacks on critical infrastructure

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Stay Connected