2009, Hacking and Malware - Cyber Security Informer

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M). Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. billion to an unidentified address.

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. DCReavers2 was just the 22nd account to register on the Darkode cybercrime forum.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Newly Discovered Malware Evades Detection by Hijacking Communications

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware

Malware Government Encryption Architecture

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

NOVEMBER 10, 2018

Security experts from Symantec have discovered a malware, tracked as FastCash Trojan , that was used by the Lazarus APT Group , in a string of attacks against ATMs. The ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa.

Banking

Banking Hacking Malware Advertising

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Software Cryptocurrency Financial Services

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab.

Ransomware

Ransomware Accountability Cybercrime Passwords

Lotus Panda Hackers Strike Southeast Asian Governments With Browser Stealers, Sideloaded Malware

eSecurity Planet

APRIL 22, 2025

A notorious Chinese-linked hacking group, known in cybersecurity circles as Lotus Panda, has once again been tied to a wave of cyberattacks that hit several Southeast Asian government and private sector organizations, according to fresh findings from Broadcoms Symantec Threat Hunter Team.

Government

Government Malware Antivirus Software

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. Pierluigi Paganini.

Malware

Malware Advertising Encryption Hacking

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. And there were many good reasons to support this conclusion. ws was registered to an Andrew Artz.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking

Banking Malware Advertising Hacking

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

When I first began writing about Vrublevsky in 2009 as a reporter for The Washington Post , ChronoPay and its sister firm Red & Partners (RNP) were earning millions setting up payment infrastructure for fake antivirus peddlers and spammers pimping male enhancement drugs. The latest document in the hacked archive is dated April 2021.

Banking

Banking Marketing DDOS Risk

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID malware operations. DoJ sentenced the Ukrainian national Vyacheslav Igorevich Penchukov (37) to prison and ordered him to pay millions of dollars in restitution for his role in the Zeus and IcedID malware operations.

Cybercrime

Cybercrime Banking Malware Hacking

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

SEPTEMBER 22, 2018

Scan4you is a VirusTotal like online multi-engine antivirus scanning service that could be used by vxers to test evasion abilities of their malware against the major antiviruses. A second customer used Scan4you to contribute to the development of infamous Citadel malware that caused over $500 million in fraud-related losses.

Malware

Malware Antivirus Retail Advertising

The analysis of the code reuse revealed many links between North Korea malware

Security Affairs

AUGUST 10, 2018

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. Each node represents a malware family or a hacking tool (“ Brambul ,” “ Fallchill ,” etc.)

Malware

Malware Hacking Advertising Accountability

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015. Pierluigi Paganini.

System Administration

System Administration Malware Accountability Marketing

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Malware

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SEPTEMBER 12, 2019

According to the researchers, almost any mobile phone model is vulnerable to the SimJacker attack because it leverages a component on SIM cards and its specifications are the same since 2009. SecurityAffairs – SimJacker, hacking). ” states the post. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Mobile Spyware Manufacturing

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. The activity of the Zinc APT group, aka Lazarus , surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Phishing Antivirus Hacking

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

The group, also known as Cicada, Stone Panda , and Cloud Hopper , has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” Pierluigi Paganini.

Manufacturing

Manufacturing Hacking Engineering Malware

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. SecurityAffairs – hacking, Lazarus APT). Researchers provided details for each of the campaigns they have analyzed. Pierluigi Paganini.

Retail

Retail Advertising Malware Hacking

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Advertising Encryption Hacking

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” SecurityAffairs – hacking, Zinc). Not all visitors to the site were infected. .

Malware

Malware Antivirus Hacking Accountability

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

“ Two Chinese nationals were charged with laundering over $100 million worth of cryptocurrency from a hack of a cryptocurrency exchange. ” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. million from another exchange.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Security Affairs

JANUARY 16, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.

Malware

Malware Banking Media Advertising

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The Thrip group used both custom malware and legitimate tools to hit its targets that continue to include defense contractors, telecoms companies, and satellite operators. This malware appears to be an evolution of an older Billbug tool known as Evora.” SecurityAffairs – APT, hacking). ” continues the report.

Government

Government Telecommunications Advertising Malware

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Banking

Banking Malware Advertising Financial Services

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The APT10 group has added two new malware loaders to its arsenal and used in attacks aimed at government and private organizations in Southeast Asia. The recent attacks were uncovered by experts at enSilo, they also noticed that the APT group used modified versions of known malware. SecurityAffairs – APT10, hacking).

Advertising

Advertising Malware Government Hacking

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

NOVEMBER 24, 2018

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. Securi ty Affairs – Hacking, Lazarus). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking

Banking Encryption Malware Advertising

The US Treasury placed sanctions on North Korea linked APT Groups

Security Affairs

SEPTEMBER 13, 2019

The US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group , Bluenoroff , and Andarial. SecurityAffairs – North Korea, hacking). ” continues the US Treasury. .

Cyber Attacks

Cyber Attacks Hacking Cryptocurrency Banking

FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT

Security Affairs

APRIL 11, 2019

The activity of the Lazarus Group (aka BlueNoroff and Hidden Cobra ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. Seven of these files are proxy applications that mask traffic between the malware and the remote operators.

Malware

Malware Advertising Cryptocurrency Passwords

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

OCTOBER 23, 2023

billion Aadhaars issued by the UIDAI since this ID service launched in 2009, this system represents one of the largest biometric ID programs on the planet, according to a report published by think tank Brookings Institution. With roughly 1.4

Identity Theft

Identity Theft Banking Data breaches Malware

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Manufacturing Healthcare Malware

Backdoor in XZ Utils That Almost Happened

Schneier on Security

APRIL 11, 2024

He has been in charge of XZ Utils since he wrote it in 2009. Many open-source libraries, like XZ Utils, are maintained by volunteers. In the case of XZ Utils, it’s one person, named Lasse Collin. And, at least in 2022, he’s had some “ longterm mental health issues. ” (To be clear, he is not to blame in this story. This is a systems problem.)

Software

Software Engineering Internet Internet

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

SEPTEMBER 15, 2018

Experts noticed the group since around mid-2016 when it was using PlugX, ChChes, Quasar and RedLeaves malware in targeted attacks. The ANEL malware was already seen in the previous attack as a beta version or release candidate. This shows that APT10 is very capable of maintaining and updating their malware,” .

Media

Media Malware Advertising Phishing

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

“It’s worth pointing out that the wallet address is the miner reward receiving address of the Bitcoin Genesis Block , which occurred on January 3, 2009, and is believed to be held by Nakamoto.” The bot allows operators to deploy additional malware onto the infected machine and execute commands received from the C2 server.

Accountability

Accountability Cryptocurrency Malware Hacking

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

“The hacking campaign, known as “ Cloud Hopper ,” was the subject of a U.S. ” The report attributed the cyberespionage campaign to the China-linked APT10 (aka Menupass, and Stone Panda), the same group recently accused of hacking telco operators worldwide. SecurityAffairs – Cloud Hopper, hacking).

Identity Theft

Identity Theft Hacking System Administration Advertising

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. SecurityAffairs – hacking, Lazarus APT). The use of Github as a C2 aims at evading detection.

Malware

Malware Hacking Phishing Ransomware

The man behind Cardplanet credit card market sentenced to 9 years in prison

Security Affairs

JUNE 27, 2020

The Russian national named Aleksey Yurievich Burkov (30) was sentenced to nine years in prison for running Cardplanet and Direct Connection, two credit card market that facilitated payment card fraud, computer hacking, and other illegal activities. SecurityAffairs – hacking, Cardplanet). Pierluigi Paganini.

Marketing

Marketing Cybercrime Advertising Insurance

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Trending Sources

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Canada Charges Its “Most Prolific Cybercriminal”

Newly Discovered Malware Evades Detection by Hijacking Communications

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Lazarus malware delivered to South Korean users via supply chain attacks

Who’s Behind the GandCrab Ransomware?

Lotus Panda Hackers Strike Southeast Asian Governments With Browser Stealers, Sideloaded Malware

Dacls RAT, the first Lazarus malware that targets Linux devices

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

North Korea-linked APT group BeagleBoyz targets banks

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

The analysis of the code reuse revealed many links between North Korea malware

Administrators of bulletproof hosting sentenced to prison in the US

North Korea-linked Lazarus APT targets the IT supply chain

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

SimJacker attack allows hacking any phone with just an SMS

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

China-linked APT10 leverages ZeroLogon exploits in recent attacks

North Korean Lazarus APT stole credit card data from US and EU stores

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Microsoft: North Korea-linked Zinc APT targets security experts

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Symantec uncovered the link between China-Linked Thrip and Billbug groups

An ongoing Qbot campaign targeted customers of tens of US banks

APT10 is back with two new loaders and new versions of known payloads

North Korea-linked group Lazarus targets Latin American banks

The US Treasury placed sanctions on North Korea linked APT Groups

FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

DHS issued an alert on attacks aimed at Managed Service Providers

Backdoor in XZ Utils That Almost Happened

China-linked APT10 group behind new attacks on the Japanese media sector

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

The man behind Cardplanet credit card market sentenced to 9 years in prison

Stay Connected