2007, Information Security and Malware - Cyber Security Informer

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware

Malware Advertising IoT Government

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware

Malware Phishing Government Data collection

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. The post Sophos linked Entropy ransomware to Dridex malware. appeared first on Security Affairs.

Ransomware

Ransomware Malware Cybercrime Banking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. Kill (uninstall) the malware. .

Malware

Malware Social Engineering Advertising Government

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware InfoSec Advertising Hacking

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South Korean companies. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by ESET.

Malware

Malware Software Cryptocurrency Financial Services

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking

Banking Malware Hacking Information Security

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Education Phishing Malware

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com ‘ was involved in past campaigns of the Lazarus APT. Pierluigi Paganini.

Malware

Malware Advertising Encryption Hacking

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. .” Once the investigation will be completed, CDHE will notify impacted by mail or email. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. exe for the execution of the malware loader. ” reads the analysis published by Symantec.

Malware

Malware Encryption Manufacturing Hacking

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Both malware relies on modules that are downloaded after the apps are installed to exfiltrate data from the infected devices. government. ” reads the report published by Lookout.

Spyware

Spyware Surveillance Mobile Malware

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware

Malware Advertising Hacking Government

News URSNIF variant doesn’t support banking features

Security Affairs

OCTOBER 21, 2022

A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif ‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data.

Banking

Banking Malware Hacking Ransomware

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Malware

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware

Ransomware Cybercrime Banking Encryption

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. ” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. .” ” continues the report. ” continues the report.

Media

Media Accountability Government Malware

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. ” continues the report.

Malware

Malware Hacking Government Information Security

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The skip-2.0 by its authors and part of the Winnti Group’s arsenal.”

Malware

Malware Passwords Advertising DNS

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the joint advisory.

Malware

Malware Firmware Government Education

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Accountability

Accountability Government Phishing Authentication

Malicious Python Package uses Unicode support to evade detection

Security Affairs

MARCH 27, 2023

Supply chain security firm Phylum discovered a malicious Python package on the Python Package Index (PyPI) repository that uses Unicode to evade detection and deliver information-stealing malware. The package, named onyxproxy , was uploaded to the PyPI repository on March 15, 2023.

Malware

Malware Hacking Information Security

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Telecommunications Accountability Phishing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The use of Github as a C2 aims at evading detection.

Malware

Malware Hacking Phishing Ransomware

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Hacking

Hacking Government Phishing Malware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Phishing Accountability Hacking

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

The researchers documented a malware, tracked as ‘FurBall,’ that was employed since the beginning of the operation. The attack chain leverage multiple vectors Telegram channels, SMS messages containing a link to the malware, phishing messages, and watering hole attacks involving Iranian websites. ” concludes the report.

Surveillance

Surveillance Mobile Malware Cyber Attacks

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Evil Corp has recently launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

Ransomware

Ransomware Banking Cybercrime Hacking

Winnti APT continues to target game developers in Russia and abroad

Security Affairs

JANUARY 15, 2021

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Investigating the attack, the experts discover a number of new malware samples used by the attackers, including various droppers, loaders, and injectors.

Malware

Malware Technology Software Information Security

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” concludes Microsoft.

Government

Government Media Malware Hacking

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

In some cases, the man manually chacked the stolen information. “As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. ” reads the press release published by the DoJ.

Accountability

Accountability Banking Advertising Data collection

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files.

Ransomware

Ransomware VPN Encryption Authentication

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Not all visitors to the site were infected. . ” concludes Microsoft.

Malware

Malware Antivirus Hacking Accountability

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. ” concludes ESET.

Malware

Malware Hacking Advertising Architecture

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

Researchers from the NCC Group’s report and later Symantec confirmed that malware was developed by the Russian cybercrime crew known as Evil Corp , which was behind the Dridex Trojan , and multiple ransomware like Locky , Bart, Jaff , and BitPaymer. This group has been active since at least 2007, in December 2019, the U.S.

Ransomware

Ransomware Telecommunications Banking Advertising

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Advertising Encryption Hacking

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The threat actors were observed deploying Cobalt Strike in the infected networks, along with a set of additional malware and web shells.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Phishing

Phishing Government Hacking Accountability

FBI and NSA joint report details APT28’s Linux malware Drovorub

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Webinars

Trending Sources

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Webinars

Russia-Linked Turla APT uses new malware in watering hole attacks

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Lazarus malware delivered to South Korean users via supply chain attacks

Colombian authorities arrested hacker behind the Gozi Virus

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Dacls RAT, the first Lazarus malware that targets Linux devices

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

China-linked APT41 group targets Hong Kong with Spyder Loader

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

US Cyber Command details implants used in attacks on parliaments and embassies

News URSNIF variant doesn’t support banking features

North Korea-linked Lazarus APT targets the COVID-19 research

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Evil Corp rebrands their ransomware, this time is the Macaw Locker

North Korea-linked Lazarus APT targets the IT supply chain

China-linked APT41 group spotted using open-source red teaming tool GC2

Connecting the dots between SolarWinds and Russia-linked Turla APT

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Malicious Python Package uses Unicode support to evade detection

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Grief ransomware gang hit US National Rifle Association (NRA)

Winnti APT continues to target game developers in Russia and abroad

Microsoft disrupted APT28 attacks on Ukraine through a court order

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Microsoft: North Korea-linked Zinc APT targets security experts

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Financially motivated Earth Lusca threat actors targets organizations worldwide

Google warns of APT28 attack attempts against 14,000 Gmail users

Stay Connected