2000, Information Security and Malware - Cyber Security Informer

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. banking Trojan and was used to spread Zeus-like banking trojan (i.e. Zeus OpenSSL).

Malware

Malware Banking Software Cybercrime

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. According to IBM X-Force, attacks targeting operational technology (OT) infrastructure increased by over 2000 p ercent in 2019 compared to 2018, and most of them involved the Echobot malware.

Advertising

Advertising Malware IoT Technology

Study shows connections between 2000 malware samples used by Russian APT groups

Security Affairs

SEPTEMBER 26, 2019

A joint research from Intezer and Check Point Research shows connections between nearly 2,000 malware samples developed by Russian APT groups. A joint research from Intezer and Check Point Research shed light on Russian hacking ecosystem and reveals connections between nearly 2,000 malware samples developed by Russian APT groups.

Malware

Malware Hacking Advertising Ransomware

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

Seashell Blizzard (aka Sandworm , BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRUs Main Center for Special Technologies (GTsST). On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Telecommunications

Telecommunications DNS Passwords Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. appeared first on Security Affairs.

Malware

Malware Firmware Architecture Firewall

Romanian energy supplier Electrica Group is facing a ransomware attack

Security Affairs

DECEMBER 9, 2024

Electrica Group was established in 1998 as a division of CONEL, Romania’s largest electricity distribution company, and became independent in 2000 after CONEL’s restructuring. The main activities of the Group are the distribution and supply of electricity to final customers. The company serves over 3.8

Ransomware

Ransomware Cyber Attacks Cybercrime Marketing

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Security Affairs

AUGUST 13, 2019

Security experts analyzed a new interesting Android banking Trojan, dubbed Cerberus, that is offered for rent by its author. A new malware-as-a- service dubbed Cerberus has emerged in the threat landscape, it is an Android RAT developed from scratch that doesn’t borrow the code from other malware.

Banking

Banking Malware Advertising Social Engineering

Security Affairs newsletter Round 251

Security Affairs

FEBRUARY 16, 2020

OT attacks increased by over 2000 percent in 2019, IBM reports. billion malware installs from Third-party stores in 2019. Nedbank client data compromised in security breach at third-party provider. PoS malware infected systems at 71 locations operated by US store chain Rutters. Fix it now! Google Play Protect prevented 1.9

Cyber Attacks

Cyber Attacks Banking Advertising Internet

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

NOVEMBER 28, 2022

While the malware written in.NET is new, its deployment is similar to previous attacks attributed to #Sandworm. Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

Ransomware

Ransomware Encryption Telecommunications Malware

Security Affairs newsletter Round 349

Security Affairs

JANUARY 16, 2022

Threat actors stole $18.7M Threat actors stole $18.7M Threat actors stole $18.7M US NCSC and DoS share best practices against surveillance tools Swiss army asks its personnel to use the Threema instant-messaging app Russian submarines threatening undersea cables, UK defence chief warns.

Ransomware

Ransomware Surveillance Malware Hacking

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Security Affairs

APRIL 18, 2024

The nature of the targets, low detection rate, and sophisticated malware-supported features suggest that an APT group developed it. The malware masqueraded as a Microsoft Word Add-In (.wll) The malware has a multi-threaded implementation, utilizing event objects for thread synchronization and signaling.

Malware

Malware Ransomware Hacking Technology

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft

Identity Theft VPN Malware Ransomware

8220 Gang Cloud Botnet infected 30,000 host globally

Security Affairs

JULY 21, 2022

This month, the experts noticed that the number of infected hosts passed from 2000 to around 30,000. The growth is linked to the increased use of Linux and common cloud application vulnerabilities and poorly secured configurations for services such as Docker, Apache WebLogic, and Redis. PwnRig cryptocurrency miner execution.

Cryptocurrency

Cryptocurrency Malware Internet Internet

EU Digital Services and Digital Markets Acts aim at setting new rules for tech giants

Security Affairs

DECEMBER 16, 2020

Eu authorities pointed out that the rules were never revisioned since 2000, the new laws have been anticipated by commissioners Margrethe Vestager and Thierry Breton. ” “Our rules on digital services in Europe – the most coveted single market in the world – date back to 2000.

Marketing

Marketing Hacking Risk Information Security

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

Security Affairs

SEPTEMBER 9, 2021

The analysis of the sources of the attack revealed that they were devices with open ports 2000 and 5678 (2000 “Bandwidth test server” and port 5678 “Mikrotik Neighbor Discovery Protocol”), a combination that suggests the involvement of Mikrotik systems. ris botnet. million RPS.

DDOS

DDOS Internet Internet Hacking

Retired Malware Samples: Everything Old is New Again

Lenny Zeltser

JULY 27, 2018

Finding real-world malware samples that illustrate practical analysis techniques is tricky. When training professionals how to reverse-engineer malware , I’ve gone through lots of malicious programs for the purpose of educational examples. A Backdoor with a Backdoor. A good joke never gets old? Clipboard Manipulation.

Malware

Malware Engineering Education Advertising

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

The Last Watchdog

OCTOBER 15, 2018

In that caper, criminals got away with Social Security numbers, passwords, and in some cases, fingerprints. The OPM breach put most federal workers since the year 2000 are at risk. Then in August 2017, the FBI arrested a Chinese national suspected of helping to create the malware used in the OPM breach. Cross-referencing.

Risk

Risk Government Cyber Attacks Passwords

SolarWinds hackers also breached the US NNSA nuclear agency

Security Affairs

DECEMBER 20, 2020

At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). . Department of Energy that was established by Congress in 2000.

Hacking

Hacking Software Malware Risk

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 20, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Cybercrime Hacking Malware Phishing

Sandworm APT targets Ukraine with new SwiftSlicer wiper

Security Affairs

JANUARY 28, 2023

1/3 pic.twitter.com/pMij9lpU5J — ESET Research (@ESETresearch) January 27, 2023 The Sandworm group has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The #SwiftSlicer wiper is written in Go programing language.

Telecommunications

Telecommunications Malware Hacking Ransomware

Sectigo says that most of certificates reported by Chronicle analysis were already revoked

Security Affairs

MAY 26, 2019

According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company were expired and were already revoked. According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company were expired and were already revoked.

Malware

Malware Advertising Cybersecurity Information Security

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. Other malware employed in the attacks linked to TA428 are nccTrojan, Logtu, Cotx, and DNSep, and previously undetected malware named CotSam.

Encryption

Encryption Antivirus Malware Hacking

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

Attackers used “super-aged” domains, usually registered before the year 2000, to avoid DNS blocklists and blending in with old malware at the same time The attackers manipulate MX (Mail Exchange) records by injecting fake responses through China’s Great Firewall.

DNS

DNS Firewall DDOS Hacking

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The malware maintains persistence through Cron jobs.

Telecommunications

Telecommunications Authentication Data collection Passwords

Russia-linked Sandworm continues to conduct attacks against Ukraine

Security Affairs

MAY 21, 2022

Security experts from ESET reported that the Russia-linked cyberespionage group Sandworm continues to launch cyber attacks against entities in Ukraine. Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

Malware

Malware Government Cyber Attacks Hacking

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

“The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet.” Cyclops Blink is sophisticated malware with a modular structure. The malware leverages the firmware update process to achieve persistence.

Malware

Malware Government Firmware Firewall

Russia-linked Cyclops Blink botnet targeting ASUS routers

Security Affairs

MARCH 18, 2022

The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

IoT

IoT Firewall Malware Internet

Sandworm APT group hit Ukrainian news agency with five data wipers

Security Affairs

JANUARY 30, 2023

The Sandworm group has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Telecommunications

Telecommunications Malware Hacking Ransomware

Security Affairs newsletter Round 233

Security Affairs

SEPTEMBER 29, 2019

North Korea-linked malware ATMDtrack infected ATMs in India. Study shows connections between 2000 malware samples used by Russian APT groups. Malware-based attacks disrupted operations of Rheinmetall AG and Defence Construction Canada. Nodersok malware delivery campaign relies on advanced techniques.

Data breaches

Data breaches Advertising Malware Ransomware

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 12, 2022

Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). Cyclops Blink is sophisticated malware with a modular structure. The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Cybersecurity Hacking

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

FEBRUARY 15, 2021

Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). This backdoor is version 3.1.4.

VPN

VPN Software Internet Internet

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

Experts at the CISA Agency successfully exploited the BlueKeep flaw on a machine running Windows 2000. The agency urges Microsoft users and administrators to install security patches, disable unnecessary services, enable Network Level Authentication (NLA) if available, and block TCP port 3389.

Authentication

Authentication Advertising Malware Firewall

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

OCTOBER 16, 2020

“The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003. ” concludes the ICO.

Hacking

Hacking Data breaches Advertising Information Security

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

FROZENLAKE, aka Sandworm , has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. and similar services.

Phishing

Phishing Education Accountability Malware

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Ransomware

Ransomware Telecommunications DNS Hacking

Russian Sandworm disrupts power in Ukraine with a new OT attack

Security Affairs

NOVEMBER 9, 2023

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

Telecommunications

Telecommunications Hacking Technology Internet

Developer successfully compiled leaked source code for MS Windows XP and Windows Server 2003 OSs

Security Affairs

SEPTEMBER 30, 2020

The collection of torrent files leaked online is 43GB in size and include the source code for Windows Server 2003 and other older operating systems developed by Microsoft, including: Windows 2000 Windows CE 3 Windows CE 4 Windows CE 5 Windows Embedded 7 Windows Embedded CE Windows NT 3.5 Windows NT 4 MS-DOS 3.30 MS-DOS 6.0.

Advertising

Advertising Hacking Accountability Information Security

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

Security Affairs

MAY 4, 2023

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

VPN

VPN Education Accountability Cyber Attacks

Risky Business: Enterprises Can’t Shake Log4j flaw

Security Affairs

AUGUST 10, 2022

In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later many Global 2000 firms are still fighting to mitigate the digital assets and business risks associated with Log4j. INTRODUCTION. each month (PDF).

Risk

Risk Media Cybersecurity Software

The Defender’s Guide to the Windows Registry

Security Boulevard

OCTOBER 31, 2022

While a lot of this information may be redundant to a more seasoned information security personnel, even the best of us rely on Google and blog posts to get information. These posts are designed to be a one-stop shop, bringing a lot of that information together. Registry Tree: 512 key levels. Telemetry Notes.

Technology

Technology Information Security Backups Malware

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

APRIL 2, 2023

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm.

Energy and Utilities

Energy and Utilities Media Hacking Technology

Best SIEM Tools & Software for 2022

eSecurity Planet

AUGUST 15, 2022

Company Product Est HQ Fortinet FortiSIEM 2000 Sunnyvale, CA LogPoint LogPoint SIEM 2001 Copenhagen, Denmark Micro Focus ArcSight Enterprise Security Manager 1976 London, UK Rapid7 Rapid7 SIEM 2000 Boston, MA Trellix SecOps and Analytics 2022 Milpitas, CA. Fortinet FortiSIEM. Elastic Features. RSA NetWitness Features.

Software

Software Small Business Marketing Firewall

7 Cyber Security Courses Online For Everybody

Spinone

NOVEMBER 21, 2019

Cyber Security School VIP membership from StationX StationX is a platform that offers multiple cybersecurity-related courses for different levels and goals. You can buy one course (which can cost from $90 to $2000) or purchase a subscription for a discounted price of $149/year. The certificates and support are included in this price.

Social Engineering

Social Engineering Accountability Phishing Cybersecurity

New ZLoader malware campaign hit more than 2000 victims across 111 countries

OT attacks increased by over 2000 percent in 2019, IBM reports

Trending Sources

Study shows connections between 2000 malware samples used by Russian APT groups

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

US and UK link new Cyclops Blink malware to Russian state hackers?

Romanian energy supplier Electrica Group is facing a ransomware attack

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Security Affairs newsletter Round 251

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs newsletter Round 349

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

8220 Gang Cloud Botnet infected 30,000 host globally

EU Digital Services and Digital Markets Acts aim at setting new rules for tech giants

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

Retired Malware Samples: Everything Old is New Again

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

SolarWinds hackers also breached the US NNSA nuclear agency

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Sandworm APT targets Ukraine with new SwiftSlicer wiper

Sectigo says that most of certificates reported by Chronicle analysis were already revoked

Chinese actors behind attacks on industrial enterprises and public institutions

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Russia-linked Sandworm continues to conduct attacks against Ukraine

US dismantled the Russia-linked Cyclops Blink botnet

Russia-linked Cyclops Blink botnet targeting ASUS routers

Sandworm APT group hit Ukrainian news agency with five data wipers

Security Affairs newsletter Round 233

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

DHS also issued an alert for the Windows BlueKeep flaw

Britain’s information commissioner fines British Airways for 2018 Hack

Google TAG warns of Russia-linked APT groups targeting Ukraine

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Russian Sandworm disrupts power in Ukraine with a new OT attack

Developer successfully compiled leaked source code for MS Windows XP and Windows Server 2003 OSs

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

Risky Business: Enterprises Can’t Shake Log4j flaw

The Defender’s Guide to the Windows Registry

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Best SIEM Tools & Software for 2022

7 Cyber Security Courses Online For Everybody

Stay Connected