2007, Malware and Phishing - Cyber Security Informer

QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns

Heimadal Security

APRIL 14, 2021

Qbot, also known as “Qakbot” or “Pinkslipbot,” is a banking trojan active since 2007 that’s focusing on stealing user data and banking credentials. The malware […]. The post QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns appeared first on Heimdal Security Blog.

Malware

Malware Banking Phishing Ransomware

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking

Hacking Malware Ransomware Government

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware.

Malware

Malware Phishing Government Data collection

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware

Malware Advertising IoT Government

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Education Phishing Malware

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Software Cryptocurrency Financial Services

Bitdefender offers mobile security to chats on messaging apps

CyberSecurity Insiders

NOVEMBER 8, 2022

BitDefender Mobile Security feature assists customers in protecting against malware spread and phishing scams. NOTE 1- Sold with the name as SOFTWIN between 1996 to 2001, the software company was renamed as Bitdefender in the year 2007. It covers devices operating on Windows, macOS, Android and iOS devices, which is outstanding.

Mobile

Mobile Antivirus VPN IoT

QBOT – A HTML Smuggling technique to target victims

Quick Heal Antivirus

NOVEMBER 11, 2022

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking

Banking Phishing Cybercrime Ransomware

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. APT41 was known to hide its malware inside fake resumes that were sent to targets. APT41’s activities span from the mid-2000s to the present day.

Antivirus

Antivirus Hacking Government Software

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election.

System Administration

System Administration Government Phishing Malware

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Phishing

Phishing Hacking Government VPN

Level up your Secure Email game using SecureX Orchestrator

Cisco Security

MARCH 15, 2021

Today, an email administrator needs to get the most out of their data and reporting when it comes to the daily management of Business Email Compromise, Ransomware, Malware, and Phishing. Cisco SecureX Orchestration now includes the capability of automating Phishing investigations and remediation. Phishing workflow docs.

Phishing

Phishing Threat Reports Ransomware Malware

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. ” continues the report.

Media

Media Accountability Government Malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. ” A spike in the number of attacks was observed in late September, Threat Analysis Group researchers uncovered an APT28 phishing campaign targeting approximately 14,000 Gmail users across multiple businesses.

Phishing

Phishing Government Hacking Accountability

Enhanced Protection - The strongest level of Safe Browsing protection Google Chrome has to offer

Google Security

DECEMBER 5, 2022

This is why Safe Browsing ’s phishing and malware protections have been a core part of Chrome since 2007. As a result, Enhanced Protection users are phished 20-35% less than users on Standard Protection. You may have seen these in action if you have ever come across one of our red warning pages.

Phishing

Phishing Data privacy Malware Mobile

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Phishing Accountability Hacking

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. . The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Both clusters served as a C&C server.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Hacking

Hacking Government Phishing Malware

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware. since Q3 of 2007.

Social Engineering

Social Engineering Energy and Utilities Phishing Scams

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Accountability

Accountability Government Phishing Authentication

YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised

Malwarebytes

APRIL 8, 2022

The last time I can remember an all-out targeted attack on social media musicians was way back in 2007 during Ye Olde Myspace days. The people behind it didn’t promote malware links, or spam, or phishing. The people behind it didn’t promote malware links, or spam, or phishing.

Scams

Scams Accountability Phishing Malware

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Telecommunications Accountability Phishing

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the joint advisory.

Malware

Malware Firmware Government Education

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The use of Github as a C2 aims at evading detection.

Malware

Malware Hacking Phishing Ransomware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . “Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process.

Malware

Malware Cryptocurrency Password Management Encryption

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” concludes Microsoft.

Government

Government Media Malware Hacking

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

The researchers documented a malware, tracked as ‘FurBall,’ that was employed since the beginning of the operation. The attack chain leverage multiple vectors Telegram channels, SMS messages containing a link to the malware, phishing messages, and watering hole attacks involving Iranian websites. ” concludes the report.

Surveillance

Surveillance Mobile Malware Cyber Attacks

QBot banker delivered through business correspondence

SecureList

APRIL 17, 2023

The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and French. A short look at QBot The banking Trojan QBot was detected for the first time in 2007. In 2021, we published a detailed QBot technical analysis.

Banking

Banking Malware Social Engineering Passwords

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

DDOS

DDOS Cyber threats Phishing Hacking

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

The Fancy Bear APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. ” The threat actors used phishing messages containing a malicious attachment that launches a long chain of downloaders , ending with a backdoor. dotm hosted at Dropbox.

Advertising

Advertising Phishing Malware Hacking

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. Researchers provided details for each of the campaigns they have analyzed.

Retail

Retail Advertising Malware Cryptocurrency

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) North Korea-linked Lazarus APT group is abusing bitmap (.BMP)

Phishing

Phishing Hacking Cryptocurrency Malware

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

.” According to Microsoft, the APT group started using the crypto-mining malware to trick the defense staff of the targets into believing their attacks are not highly targeted intrusions. They also leveraged the Sysinternals DebugView tool, the McAfee on-demand scanner, and Microsoft Word 2007.”

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. FireEye revealed that the two Russia-linked APT groups carried out spear-phishing attacks to trick victims into revealing government information and credentials.

Government

Government Advertising Media Phishing

Chrome wants to make your passwords stronger

Malwarebytes

JANUARY 22, 2021

Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren’t exactly flying off the shelves back in 2007, your only real options were home grown. Malware files can decrypt your passwords, or wait for you to do it. Weak password? Chrome 88 can help.

Passwords

Passwords Password Management Encryption Malware

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Experts discovered a new variant of the Zebrocy malware that was written using the Go programming language. The malware connects to the C2 through HTTP POST requests.

Malware

Malware Advertising Data collection Phishing

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Earworm group carried out spear-phishing campaigns aimed at delivering the Trojan.Zekapab downloader and the Backdoor.Zekapab.

Government

Government Advertising Hacking Malware

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

FEBRUARY 9, 2021

The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The plugin receives over 1.5

Social Engineering

Social Engineering Firewall Engineering Phishing

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. Experts believe APT threat actors carried out spear-phishing attacks against the bank, malicious messages used Windows executable.

Banking

Banking Retail Advertising Malware

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

AUGUST 1, 2018

Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007. The incident also exposed the email addresses of some users who had signed up to receive daily email digests of specific discussion threads. SECURITY KEYS.

Authentication

Authentication Mobile Passwords Accountability

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link.

Malware

Malware Banking Energy and Utilities Accountability

QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Webinars

Trending Sources

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Webinars

FBI and NSA joint report details APT28’s Linux malware Drovorub

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Lazarus malware delivered to South Korean users via supply chain attacks

Bitdefender offers mobile security to chats on messaging apps

QBOT – A HTML Smuggling technique to target victims

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Level up your Secure Email game using SecureX Orchestrator

China-linked APT41 group spotted using open-source red teaming tool GC2

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Google warns of APT28 attack attempts against 14,000 Gmail users

Enhanced Protection - The strongest level of Safe Browsing protection Google Chrome has to offer

Russia-linked APT28 has been scanning vulnerable email servers in the last year

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

North Korea-linked Lazarus APT targets the COVID-19 research

Financially motivated Earth Lusca threat actors targets organizations worldwide

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Microsoft disrupted APT28 attacks on Ukraine through a court order

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

QBot banker delivered through business correspondence

Mandiant identifies 3 hacktivist groups working in support of Russia

A new Fancy Bear backdoor used to target political targets

North Korean Lazarus APT stole credit card data from US and EU stores

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Russian APT groups target European governments ahead of May Elections

Chrome wants to make your passwords stronger

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

APT28 group return to covert intelligence gathering ops in Europe and South America.

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Reddit Breach Highlights Limits of SMS-Based Authentication

IT threat evolution Q3 2021

Stay Connected