2009, Hacking, Information Security and Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South Korean companies. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. SecurityAffairs – hacking, Lazarus). .

Malware

Malware Software Cryptocurrency Financial Services

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Malware

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. Pierluigi Paganini.

Malware

Malware Advertising Encryption Hacking

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015. Pierluigi Paganini.

System Administration

System Administration Malware Accountability Marketing

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

“It’s worth pointing out that the wallet address is the miner reward receiving address of the Bitcoin Genesis Block , which occurred on January 3, 2009, and is believed to be held by Nakamoto.” The bot allows operators to deploy additional malware onto the infected machine and execute commands received from the C2 server.

Accountability

Accountability Cryptocurrency Malware Hacking

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

OCTOBER 23, 2023

billion Aadhaars issued by the UIDAI since this ID service launched in 2009, this system represents one of the largest biometric ID programs on the planet, according to a report published by think tank Brookings Institution. With roughly 1.4

Identity Theft

Identity Theft Banking Data breaches Malware

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SEPTEMBER 12, 2019

According to the researchers, almost any mobile phone model is vulnerable to the SimJacker attack because it leverages a component on SIM cards and its specifications are the same since 2009. SecurityAffairs – SimJacker, hacking). ” states the post. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Mobile Spyware Manufacturing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. SecurityAffairs – hacking, Lazarus APT). The use of Github as a C2 aims at evading detection.

Malware

Malware Hacking Phishing Ransomware

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

The group, also known as Cicada, Stone Panda , and Cloud Hopper , has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” Pierluigi Paganini.

Manufacturing

Manufacturing Hacking Engineering Malware

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” SecurityAffairs – hacking, Zinc). Not all visitors to the site were infected. .

Malware

Malware Antivirus Hacking Accountability

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

-based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group. Valentin Karyagin has been involved in the development of ransomware and other malware projects. Maksim Mikhailov has been involved in development activity for the Trickbot Group.

Banking

Banking Ransomware Cybercrime Malware

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Advertising Encryption Hacking

China-linked APT10 Target Taiwan’s financial trading industry

Security Affairs

FEBRUARY 22, 2022

The group (also known as Cicada, Stone Panda , MenuPass group, Bronze Riverside, and Cloud Hopper ) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Technology

Technology Hacking Passwords Software

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The Thrip group used both custom malware and legitimate tools to hit its targets that continue to include defense contractors, telecoms companies, and satellite operators. Security experts at Symantec speculate that Thrip is a sub-group of Billbug. This malware appears to be an evolution of an older Billbug tool known as Evora.”

Government

Government Telecommunications Advertising Malware

The US Treasury placed sanctions on North Korea linked APT Groups

Security Affairs

SEPTEMBER 13, 2019

The US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group , Bluenoroff , and Andarial. SecurityAffairs – North Korea, hacking). ” continues the US Treasury. .

Cyber Attacks

Cyber Attacks Cryptocurrency Hacking Banking

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The APT10 group has added two new malware loaders to its arsenal and used in attacks aimed at government and private organizations in Southeast Asia. The recent attacks were uncovered by experts at enSilo, they also noticed that the APT group used modified versions of known malware. SecurityAffairs – APT10, hacking).

Advertising

Advertising Malware Government Hacking

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

“ Two Chinese nationals were charged with laundering over $100 million worth of cryptocurrency from a hack of a cryptocurrency exchange. ” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. million from another exchange.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Banking

Banking Malware Advertising Financial Services

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

. “Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what U.S. “The hacking campaign, known as “ Cloud Hopper ,” was the subject of a U.S.

Identity Theft

Identity Theft Hacking System Administration Advertising

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. SecurityAffairs – hacking, Proximus). Pierluigi Paganini.

Mobile

Mobile Manufacturing Wireless Internet

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight. SecurityAffairs – hacking, Zeus). Pierluigi Paganini.

Cybercrime

Cybercrime Banking Identity Theft Hacking

EU has imposed sanctions on foreign actors for the first time ever

Security Affairs

JULY 31, 2020

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. SecurityAffairs – hacking, EU sanctions). ” conclude the EU.

Cyber Attacks

Cyber Attacks Hacking Advertising Government

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

. “A collaborative investigation with two of the affected European companies allowed us to gain insight into the operation and uncover previously undocumented malware.” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Advertising

Advertising Malware Passwords Accountability

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

The malicious code within the bitmap image file was used by threat actors to drop a remote access trojan (RAT) on the victims’ systems that allow them to steal sensitive information. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Pierluigi Paganini.

Phishing

Phishing Hacking Cryptocurrency Malware

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

User information on online trading platforms should be well secured to prevent similar data leaks. Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. Scams, Phishing and Malware. SecurityAffairs – hacking, Microsoft Exchange).

Passwords

Passwords Accountability Media Identity Theft

Experts attribute NukeSped RAT to North Korea-Linked hackers

Security Affairs

OCTOBER 24, 2019

Experts at Fortinet analyzed NukeSped malware samples that share multiple similarities with malware associated with North Korea-linked APTs. Fortinet has analyzed the NukeSped RAT that is believed to be a malware in the arsenal of the Lazarus North-Korea linked APT group.

Malware

Malware Encryption Advertising Internet

IRISSCON 2022 roundup: a new hope

BH Consulting

NOVEMBER 15, 2022

He argued that security works when it costs €100,000 for spyware to hack into a politician’s iPhone. Georgia Bafoutsou of ENISA, the EU’s information security agency, called on those attending to amplify messages about security awareness. “Creating exploits for modern operating systems today is hard.

Social Engineering

Social Engineering Insurance CISO Ransomware

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Number of data leaks from medical organizations, 2009–2020. Let’s see if there are any informational security issues with these wearables. Vulnerabilities like the one mentioned above enable cybercriminals to hack into users’ devices, and steal their most sensitive data, that is, medical information.

Phishing

Phishing Healthcare IoT Authentication

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

Security experts at Kaspersky Lab have spotted a new backdoor, tracked as Titanium, that was used by the Platinum APT group in attacks in the wild, the malicious code implements sophisticated evasion techniques. “The malware hides at every step by mimicking common software (protection related, sound software , DVD video creation tools).”

Encryption

Encryption Passwords Malware Software

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. SecurityAffairs – PLATINUM APT, hacking). “ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Government Advertising Cyber Attacks

Exclusive – Analysis of the sample that hit the Kudankulam Nuclear Power Plant

Security Affairs

NOVEMBER 3, 2019

Nema stated, “Identification of malware in NPCIL system is correct. On October 28 at 2.37PM twitter user @a_tweeter_user posted a Virus Total link claiming it was the Malware employee during the KKNPP (Kudankulam Nuclear Power Plant) cyber attack. Attribution is always a very hard and challenging section in Malware Analyses.

Malware

Malware Cyber Attacks Advertising Software

Understanding Features and Vulnerabilities of The Decentralized Finance Attack Surface is Key to Protecting Against Cyber Attacks

Security Boulevard

MARCH 17, 2022

Decentralized Finance and the information security protocols protecting it remain in their early stages of development, as does the adaptation of new cyberattack techniques. Bitcoin was the first cryptocurrency and was released for public use as open-source software in 2009. DEXs enable transactions on specific blockchains.

Cyber Attacks

Cyber Attacks Cryptocurrency Marketing Software

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking

Banking Malware Advertising Hacking

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Meanwhile, the advanced hacking collectives invest in innovation and press forward. While reporting for USA Today in 2009, I wrote about how fraudsters launched scareware campaigns to lock up computer screens as a means to extract $80 for worthless antivirus protection. The highest demand received by a Beazley client was for $8.5

Ransomware

Ransomware Internet Internet Hacking

The man behind Cardplanet credit card market sentenced to 9 years in prison

Security Affairs

JUNE 27, 2020

The Russian national named Aleksey Yurievich Burkov (30) was sentenced to nine years in prison for running Cardplanet and Direct Connection, two credit card market that facilitated payment card fraud, computer hacking, and other illegal activities. SecurityAffairs – hacking, Cardplanet). Pierluigi Paganini.

Marketing

Marketing Cybercrime Advertising Insurance

Who and What is Behind the Malware Proxy Service SocksEscort?

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Webinars

Trending Sources

Lazarus malware delivered to South Korean users via supply chain attacks

Webinars

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Dacls RAT, the first Lazarus malware that targets Linux devices

Administrators of bulletproof hosting sentenced to prison in the US

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

North Korea-linked Lazarus APT targets the IT supply chain

North Korea-linked Lazarus APT targets the COVID-19 research

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

SimJacker attack allows hacking any phone with just an SMS

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Microsoft: North Korea-linked Zinc APT targets security experts

US and UK sanctioned seven Russian members of Trickbot gang

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

China-linked APT10 Target Taiwan’s financial trading industry

Symantec uncovered the link between China-Linked Thrip and Billbug groups

The US Treasury placed sanctions on North Korea linked APT Groups

APT10 is back with two new loaders and new versions of known payloads

US officials charge two Chinese men for laundering cryptocurrency for North Korea

An ongoing Qbot campaign targeted customers of tens of US banks

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Belgium telecom operators Proximus and Orange drop Huawei

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

EU has imposed sanctions on foreign actors for the first time ever

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Experts attribute NukeSped RAT to North Korea-Linked hackers

IRISSCON 2022 roundup: a new hope

Telehealth: A New Frontier in Medicine—and Security

The Platinum APT group adds the Titanium backdoor to its arsenal

Platinum APT and leverages steganography to hide C2 communications

Exclusive – Analysis of the sample that hit the Kudankulam Nuclear Power Plant

Understanding Features and Vulnerabilities of The Decentralized Finance Attack Surface is Key to Protecting Against Cyber Attacks

North Korea-linked APT group BeagleBoyz targets banks

Top Cybersecurity Accounts to Follow on Twitter

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The man behind Cardplanet credit card market sentenced to 9 years in prison

Stay Connected