Security Affairs

MAY 21, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Some campaigns bypassed MFA and used IP checks, redirectors, and delivered malware.

Technology 87

Technology Malware Phishing Government 87

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware 145

Malware Advertising IoT Government 145

Heimadal Security

JUNE 3, 2022

Also known as the Dridex gang or INDRIK SPIDER, the Russian cybercriminal gang Evil Corp has been active since at least 2007 and is known for distributing the Dridex malware. The post LockBit Malware Is Now Used by Evil Corp appeared first on Heimdal Security Blog. What Happened?

Malware 105

Malware Cybercrime Cybersecurity 105

ZoneAlarm

AUGUST 30, 2023

In an ambitious international operation, law enforcement agencies, spearheaded by the FBI, have neutralized the Qakbot malware infrastructure. This significant move not only marks a large-scale effort to actively combat malware but also underscores the intensified global threat posed by cyber-extortion campaigns, primarily ransomware.

Malware 99

Malware Banking Ransomware Cybersecurity 99

Security Affairs

MARCH 13, 2020

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. Kill (uninstall) the malware. .

Malware 145

Malware Social Engineering Advertising Government 145

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware 144

Malware Advertising InfoSec Hacking 144

Malwarebytes

MARCH 5, 2022

The Formbook malware is an information stealer that is in use by many threat actors. The embedded object downloaded a remote template that exploits CVE-2017-11882 to download and execute the FormBook malware. The post Beware of malware offering “Warm greetings from Saudi Aramco” appeared first on Malwarebytes Labs.

Malware 139

Malware Manufacturing Marketing 139

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware 134

Malware Phishing Government Data collection 134

Security Affairs

FEBRUARY 22, 2025

This threat actor was involved in cyber espionage campaigns and sabotage activities to destroy data and disrupt systems.

Cryptocurrency 137

Cryptocurrency Hacking Banking Cybersecurity 137

Krebs on Security

MAY 14, 2024

Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot ) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

Social Engineering 298

Social Engineering Backups Malware Software 298

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Malware 144

Malware Phishing Surveillance Internet 144

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The post Russia-linked APT Turla used a new malware toolset named Crutch appeared first on Security Affairs. ” Pierluigi Paganini. SecurityAffairs – hacking, Crutch).

Malware 145

Malware Accountability Hacking Government 145

CyberSecurity Insiders

NOVEMBER 29, 2021

IKEA, the furniture giant from Sweden, has disclosed that its servers were hit by a Qakbot malware that could have compromised its staff and partner accounts to a certain extent. QuakBot aka QuackBot malware is actually a malicious software that has the potential to steal banking credentials and is existing since the year 2007.

Malware 105

Malware Retail Banking Ransomware 105

Security Affairs

MAY 15, 2020

Russia-linked cyberespionage group Turla targets diplomatic entities in Europe with a new piece of malware tracked as COMpfun. Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. SecurityAffairs – Turla, malware).

Malware 141

Malware Advertising Government Hacking 141

The Hacker News

JANUARY 13, 2022

Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new

Banking 139

Banking Encryption Malware Cybersecurity 139

The Hacker News

DECEMBER 16, 2024

The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. Their targets

Malware 109

Malware 109

The Hacker News

OCTOBER 18, 2022

Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly

Cyber threats 119

Cyber threats Malware Government 119

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. biz, circa 2007. Image: Wikipedia.

Antivirus 331

Antivirus VPN Encryption Malware 331

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking 133

Banking Malware Hacking Information Security 133

Security Affairs

APRIL 30, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government 126

Government Phishing DNS VPN 126

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. The post Sophos linked Entropy ransomware to Dridex malware. ” reads a report published by Sophos. .

Ransomware 126

Ransomware Malware Cybercrime Banking 126

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. At the time, North Korea-linked Lazarus APT group leveraged for the first time on a MacOS variant of the Fallchill malware.

Cryptocurrency 111

Cryptocurrency Malware Advertising Antivirus 111

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware 121

Malware Software Cryptocurrency Financial Services 121

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com ‘ was involved in past campaigns of the Lazarus APT. Pierluigi Paganini.

Malware 118

Malware Advertising Encryption Hacking 118

Heimadal Security

JUNE 7, 2022

QBot is a banking virus active since 2007 that steals user data and banking credentials. The malware contains novel distribution methods, C2 tactics, and anti-analysis characteristics. QBot (QuakBot) is a Windows malware that steals bank credentials, and Windows domain credentials, and delivers further […].

Ransomware 115

Ransomware Banking Malware Cybersecurity 115

SecureWorld News

APRIL 8, 2025

FortiGuard Labs saw some of the early botnets back between 2007-2010, like Zeus and Conficker, using fast flux to distribute malware and manage their Command and Control (C2) communications. While the technique is older, it can still be effective.

DNS 104

DNS Government Cybersecurity Malware 104

Security Boulevard

JUNE 21, 2022

Qakbot malware (also known as: QakBot, Quakbot, Pinkslipbot) is a prevalent information-stealing malware that was discovered in 2007. The post Qakbot appeared first on Cyborg Security. The post Qakbot appeared first on Security Boulevard.

Malware 98

Malware 98

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware 143

Malware Advertising Hacking Government 143

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Upon extracting the malware from the archive, the malicious code injects its payload into msinfo32.exe. “A large number of commands for C2 communication can be found in this malware.

Malware 140

Malware Phishing Passwords Hacking 140

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researcher that was submitted to a public online malware scanning service.

DNS 144

DNS Malware Advertising Software 144

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. exe for the execution of the malware loader. ” reads the analysis published by Symantec.

Malware 139

Malware Encryption Manufacturing Hacking 139

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking 145

Banking Malware Advertising Hacking 145

Quick Heal Antivirus

NOVEMBER 11, 2022

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking 111

Banking Phishing Cybercrime Ransomware 111

Security Affairs

OCTOBER 21, 2021

The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware 144

Ransomware Cybercrime Banking Encryption 144

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity 134

Cybersecurity Engineering Software Malware 134

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware 137

Malware System Administration Hacking Media 137

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. ” continues the report.

Malware 142

Malware Hacking Government Information Security 142