2007, Encryption and Information Security

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware

Ransomware Cybercrime Banking Encryption

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020.

Ransomware

Ransomware VPN Encryption Authentication

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content.

Malware

Malware Encryption Manufacturing Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

“In short, Cerebro can suck up any data that is not encrypted. The software also allow dragnet surveillance, according to the brochures presented at Milipol it is an updated copy of Eagle, the program ceded to Gaddafi in 2007. . Code name of the operation: “Toblerone”. A weapon of choice for authoritarian governments.”

Technology

Technology Surveillance Software Government

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

In a first stage it allocates the memory space where to copy the encrypted data and whose content is executed by the packer. Then, in the second stage the packer decrypts the code into another portion of the same memory allocation where it stored the encrypted data, and then transfers the execution to this second layer.

Ransomware

Ransomware Malware Cybercrime Banking

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

The ransomware encrypted files and renamed their filenames by adding the “ easy2lock” extension, this extension was previously associated with recent WastedLocker ransomware infections. This group has been active since at least 2007, in December 2019, the U.S.

Ransomware

Ransomware Telecommunications Banking Advertising

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

Attackers employed a custom tunneling tool to achieve this, it forwards client traffic to the server, the malware encrypts the traffic using trivial binary encryption. .” ThreatNeedle attempt to exfiltrate sensitive data from the infected networks through SSH tunnels to a remote server located in South Korea.

Malware

Malware Cryptocurrency Password Management Encryption

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Government

Government Hacking Advertising Encryption

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file.

Malware

Malware Advertising Encryption Hacking

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Dacls Bot include command execution, file management, process management, test network access, C2 connection agent, and network scanning.

Malware

Malware Advertising Encryption Hacking

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. SNMP v2 doesn’t support encryption and so all data, including community strings, is sent unencrypted.” through 12.4

Malware

Malware Firmware Government Education

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. .

Malware

Malware Antivirus Hacking Accountability

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Experts noticed that modules are stored encrypted on disk at the same location with inoffensive-looking names.

Malware

Malware Hacking Advertising Architecture

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Phishing

Phishing Hacking Cryptocurrency Encryption

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Advertising

Advertising Malware Encryption Authentication

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

JULY 17, 2019

Security experts at Kaspersky revealed that the Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks since early 2019. The list of previously known victims is long and includes also the Swiss defense firm RUAG , US Department of State, and the US Central Command. . ” concludes Kaspersky.

Advertising

Advertising Encryption Malware Government

Identity-based Cryptography

Thales Cloud Protection & Licensing

SEPTEMBER 26, 2019

out of 5 stars on Chrome web store, 9 out of 10 pairs of participants failed to complete the assigned task of exchanging encrypted emails, i.e. 90% failure rate. The most common mistake that repeatedly occurred in all of these studies [13,14,15] was to encrypt a message with the sender’s public key. This type of scheme (e.g., [8,9])

Encryption

Encryption Government Authentication Accountability

Redfly group infiltrated an Asian national grid as long as six months?

Security Affairs

SEPTEMBER 13, 2023

The APT41 group (aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Attackers also a Packerloader tool to load and execute shellcode, which is stored in a file in an encrypted form. The attack is the latest in a series of intrusions against CNI targets.

Encryption

Encryption Malware Hacking Government

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot , also known as Qbot , Pinkslipbot , and Quakbot is a banking trojan that has been made headlines since 2007. Figure 15: Identification of Delphi forms and unknown resources (encrypted QakBot DLL).

Malware

Malware Encryption Banking Software

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In this file, the Workbook stream is interesting as it contains all the information related to that workbook such as the included sheets. The structure of this stream is fully specified in Microsoft Office Excel 97-2007 – Binary File Format Specification. The full list of programs it is seeking is the following.

Malware

Malware Antivirus Technology Phishing

Operators behind Dark Caracal are still alive and operational

Security Affairs

NOVEMBER 29, 2020

Upon opening the archive, malicious macros are downloaded, which subsequently proceeds to drop and execute a second-stage PowerShell script encrypted inside the original Word document. . “Certified documents.docx”) delivered inside a ZIP file.

Energy and Utilities

Energy and Utilities Malware Government Healthcare

As Internet-Connected Medical Devices Multiply, So Do Challenges

Cisco Security

JUNE 15, 2022

That doesn’t mean the risk is zero, noted Christos Sarris , a longtime information security analyst. He shared an anecdote in Cisco Secure’s recent e-book, “ Building Security Resilience ,” about finding malware on an intensive care unit device that compromised a pump used to deliver precise doses of medicine.

Internet

Internet Internet Manufacturing Healthcare

Winnti APT Group targeted Hong Kong Universities

Security Affairs

FEBRUARY 1, 2020

” The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. . “The Winnti malware was also found at these universities a few weeks p rior to ShadowPad.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising Encryption Hacking

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

The following VBScript is run through cscript.exe, It’s an obfuscated and xor-encrypted payload. The encryption is performed by a simple xor having as key the single byte 0 while the encoding procedure is a multi conversion routine which could be summarized as follows: chr(asc(chr(“&h”&mid(x,y,2)))).

Computers and Electronics

Computers and Electronics Penetration Testing Malware Cyber Attacks

The Hacker Mind Podcast: The Fog of Cyber War

ForAllSecure

JULY 6, 2022

Centre for Defence: In 2007, a struggle over a divisive Soviet statutes set the standard for a new form of Russian interference in the affairs of foreign states. Vamosi: The slogan of the RSA Conference is “Where the World Talks Security,” and, in general. Instead we have these faceless ransomware groups. Here's the BBC.

Cybercrime

Cybercrime Government Ransomware Hacking

Cyber Security Informer

Evil Corp rebrands their ransomware, this time is the Macaw Locker

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Webinars

Trending Sources

China-linked APT41 group targets Hong Kong with Spyder Loader

Webinars

French court indicted Nexa Technologies for complicity in acts of torture

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Russia-linked Turla APT hacked European government organization

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Dacls RAT, the first Lazarus malware that targets Linux devices

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Microsoft: North Korea-linked Zinc APT targets security experts

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

New Turla ComRAT backdoor uses Gmail for Command and Control

Turla APT group adds Topinambour Trojan to its arsenal

Identity-based Cryptography

Redfly group infiltrated an Asian national grid as long as six months?

A taste of the latest release of QakBot

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Operators behind Dark Caracal are still alive and operational

As Internet-Connected Medical Devices Multiply, So Do Challenges

Winnti APT Group targeted Hong Kong Universities

Is APT27 Abusing COVID-19 To Attack People ?!

The Hacker Mind Podcast: The Fog of Cyber War

Stay Connected