US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July.
Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011.
On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. AWMproxy, the storefront for renting access to infected PCs, circa 2011.
For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.
Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.
Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. AridViper is an Arabic speaking APT group that has been active in the Middle East since at least 2011.
Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of the US Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”
ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. “The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.”
Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years.
US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware.
Following their dramatic arrests in 2016, many news media outlets reported that the men were suspected of having tipped off American intelligence officials about those responsible for Russian hacking activities tied to the 2016 U.S. presidential election. law enforcement and intelligence agencies.
In December 2013, a Slovenian court sentenced Škorjanc to four years and ten months in prison for creating the malware that powered the ‘ Mariposa ‘ botnet. Very soon after its inception, Mariposa was estimated to have infected more than 1 million hacked computers — making it one of the largest botnets ever created.
Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency. Back to September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced its IT infrastructure had suffered a malware-based attack.
It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on.
US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.
Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.
The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.
In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. One representation of the leaked Mazafaka database.
The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. Then the DePriMon malware uses Schannel for the communication.
Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.
The blockchain-enabled botnet has been active since at least 2011; researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.
The source code of the Zeus Trojan has been available in the cybercrime underground since 2011, allowing crooks to develop their own releases. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems.
Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.
The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. The fraudulent activities conducted by the gang cost victims more than $568 million dollars.
In a 2011 post on Hackforums, Acidut said they were building a botnet using an “exploit kit,” a set of browser exploits made to be stitched into hacked websites and foist malware on visitors. 1, 2021: 15-Year-Old Malware Proxy Network VIP72 Goes Dark. ” A teaser from Irish Tech News. “Online[.]io
Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. Each node represents a malware family or a hacking tool (“ Brambul ,” “ Fallchill ,” etc.)
Bilogorskiy: Before 2013 a lot of malware was focused on spam, DDoS and monetizing through malicious advertising and ad fraud. In 2011, total cryptocurrency value was about $10 billion. Bilogorskiy: One other kind of attack that we’ve seen is where companies get hacked and those computers have mining malware put on them.
Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees. Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. Saudi Arabia, and Iraq.
The Tropic Trooper APT has been active at least since 2011; it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines.
1834 — French Telegraph System — A pair of thieves hack the French Telegraph System and steal financial market information, effectively conducting the world’s first cyberattack. 1870 — Switchboard Hack — A teenager hired as a switchboard operator is able to disconnect and redirect calls and use the line for personal usage.
Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.
I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years together! I’m very excited. Over the past decade, I have recovered tens of thousands of stories focusing mainly on cybercrime, information warfare, hacktivism and computer security.
“In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.” The group also attempted to hack the systems of a US company operating critical infrastructure in the United States.
Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e; he is charged with different hacking crimes in Russia, France, and the United States. The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 million withdrawn.
FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallet addresses that were used in ransomware operations associated with the above ransomware variants.
More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.
According to the researchers who discovered the issue, the flaw was introduced in November 2011. “This problem alone does not yet allow command execution, as the values are appropriately escaped.
This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant; it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications.
to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect as large a number of systems as possible.
Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN.
Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia.