2007, Hacking and Malware - Cyber Security Informer

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking

Hacking Malware Ransomware Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Antivirus

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Government Phishing Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware

Malware Advertising IoT Government

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. SecurityAffairs – hacking, Dridex). The post Sophos linked Entropy ransomware to Dridex malware.

Ransomware

Ransomware Malware Cybercrime Banking

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus

Antivirus Hacking Government Software

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. SecurityAffairs – hacking, Zebrocy).

Malware

Malware Phishing Government Data collection

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. SecurityAffairs – hacking, Crutch).

Malware

Malware Accountability Hacking Government

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Education Phishing Malware

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Software Cryptocurrency Financial Services

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. SecurityAffairs – hacking, Gozi ). Paunescu was arrested in Romania in 2012, but was able to avoid extradition.

Banking

Banking Malware Hacking Information Security

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. Kill (uninstall) the malware. .

Malware

Malware Social Engineering Advertising Government

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware InfoSec Advertising Hacking

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

NOVEMBER 10, 2018

Security experts from Symantec have discovered a malware, tracked as FastCash Trojan , that was used by the Lazarus APT Group , in a string of attacks against ATMs. The ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa.

Banking

Banking Hacking Malware Advertising

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach) The post Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack appeared first on Security Affairs.

Education

Education Data breaches Ransomware Hacking

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.

Government

Government Hacking Advertising Encryption

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

QBOT – A HTML Smuggling technique to target victims

Quick Heal Antivirus

NOVEMBER 11, 2022

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking

Banking Phishing Cybercrime Ransomware

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Cyber Attacks Identity Theft Government

Russian APT Turla?s COMpfun malware uses HTTP status codes to receive commands

Security Affairs

MAY 15, 2020

Russia-linked cyberespionage group Turla targets diplomatic entities in Europe with a new piece of malware tracked as COMpfun. Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. SecurityAffairs – Turla, malware).

Malware

Malware Advertising Government Hacking

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware

Malware Advertising Hacking Government

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Lookout also discovered a link between the C2 infrastructure hard-coded into the malware’s source code and Chengdu 404. government. Most recent samples of DraginEgg are dated April 2023.

Spyware

Spyware Surveillance Mobile Malware

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. exe for the execution of the malware loader. SecurityAffairs – hacking, APT41). Pierluigi Paganini.

Malware

Malware Encryption Manufacturing Hacking

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. SecurityAffairs – hacking, Macaw Locker).

Ransomware

Ransomware Cybercrime Banking Encryption

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Malware

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. Pierluigi Paganini.

Malware

Malware Advertising Encryption Hacking

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site of the group, that gang also published a set of documents as proof of the hack. SecurityAffairs – hacking, NRA).

Ransomware

Ransomware Banking Cybercrime Hacking

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

APRIL 18, 2023

Those who had Facebook accounts from May 24th, 2007, to Dec 22nd, 2022, will be eligible to gain some monetary benefits from the settled amount. NCR Corporation has announced that it has taken all necessary measures to contain the malware spread and assured that the incident will never be repeated.

Cyber Attacks

Cyber Attacks Banking Retail Media

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. The activity of the Zinc APT group, aka Lazarus , surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Phishing Antivirus Hacking

News URSNIF variant doesn’t support banking features

Security Affairs

OCTOBER 21, 2022

A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif ‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data.

Banking

Banking Malware Hacking Ransomware

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. SecurityAffairs – hacking, Turla). ” continues the report.

Malware

Malware Hacking Government Information Security

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Phishing

Phishing Hacking Government VPN

Romanian Duo Receives Jailtime For Infecting 400,000 With Malware

Threatpost

DECEMBER 9, 2019

Since 2007, the two allegedly operated a cybercrime ring called "Bayrob Group.".

Cybercrime

Cybercrime Malware Government Hacking

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. One representation of the leaked Mazafaka database.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Security Affairs

MARCH 9, 2020

Multiple state-sponsored hacking groups are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers. A couple of weeks ago, the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). Pierluigi Paganini.

Authentication

Authentication Advertising Hacking Malware

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28) The group was involved also in the string of attacks that targeted 2016 Presidential election.

Accountability

Accountability Government Phishing Authentication

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. ” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. .” ” continues the report. ” continues the report.

Media

Media Accountability Government Malware

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. SecurityAffairs – hacking, Lazarus APT). The use of Github as a C2 aims at evading detection.

Malware

Malware Hacking Phishing Ransomware

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

Malicious Python Package uses Unicode support to evade detection

Security Affairs

MARCH 27, 2023

Supply chain security firm Phylum discovered a malicious Python package on the Python Package Index (PyPI) repository that uses Unicode to evade detection and deliver information-stealing malware. The package, named onyxproxy , was uploaded to the PyPI repository on March 15, 2023. ” reads the analysis published by Phylum.”However,

Malware

Malware Hacking Information Security

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the joint advisory.

Malware

Malware Firmware Government Education

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. SecurityAffairs – hacking, APT28).

Government

Government Media Malware Hacking

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Webinars

Trending Sources

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Webinars

FBI and NSA joint report details APT28’s Linux malware Drovorub

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Russia-linked APT Turla used a new malware toolset named Crutch

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Lazarus malware delivered to South Korean users via supply chain attacks

Colombian authorities arrested hacker behind the Gozi Virus

Russia-Linked Turla APT uses new malware in watering hole attacks

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Russia-linked Turla APT hacked European government organization

Lazarus APT continues to target cryptocurrency businesses with Mac malware

QBOT – A HTML Smuggling technique to target victims

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Russian APT Turla?s COMpfun malware uses HTTP status codes to receive commands

US Cyber Command details implants used in attacks on parliaments and embassies

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

China-linked APT41 group targets Hong Kong with Spyder Loader

Evil Corp rebrands their ransomware, this time is the Macaw Locker

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Dacls RAT, the first Lazarus malware that targets Linux devices

Grief ransomware gang hit US National Rifle Association (NRA)

North Korea-linked Lazarus APT targets the IT supply chain

Cyber Attack news headlines trending on Google

North Korea-linked Lazarus APT targets the COVID-19 research

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

News URSNIF variant doesn’t support banking features

Connecting the dots between SolarWinds and Russia-linked Turla APT

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Romanian Duo Receives Jailtime For Infecting 400,000 With Malware

From Cybercrime Saul Goodman to the Russian GRU

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

China-linked APT41 group spotted using open-source red teaming tool GC2

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Malicious Python Package uses Unicode support to evade detection

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Microsoft disrupted APT28 attacks on Ukraine through a court order

Stay Connected