2012, Hacking and Malware - Cyber Security Informer

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

JULY 28, 2021

And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. It was also the first major Olympics event where organizers braced for hacking related impact.

Scams

Scams Hacking Malware Mobile

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. .” The Forbes.ru

Hacking

Hacking Cybercrime Ransomware Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Antivirus

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus

Antivirus Hacking Government Software

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. “Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call center located in Bothell, Washington, to unlock large numbers of cellular phones for profit.

Hacking

Hacking Malware Cybercrime Information Security

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system.

Malware

Malware Phishing Government Passwords

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Passwords

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. The malware also supports multiple evasion capabilities.

Spyware

Spyware Malware Architecture Encryption

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet

Internet Internet Engineering Software

Security Experts Tie Covert Wiper Tool to Iranian Railway Infrastructure Hacking Attempt

Hacker Combat

AUGUST 2, 2021

Security experts at SentinelOne have come across a previously unidentified data-scrubbing malware tool that was a portion of an uncontrollable malware attack against Iran’s railway infrastructure earlier this month. Juan Andres Guerrero is quoted saying, “This has the prints of an unknown hacker.”

Hacking

Hacking Malware

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. SecurityAffairs – hacking, Tropic Trooper). The post Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Wireless Encryption Passwords

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. SecurityAffairs – LimeRAT, malware).

Malware

Malware Passwords Encryption Advertising

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The website BHProxies[.]com

Accountability

Accountability Advertising Marketing Malware

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012.

Identity Theft

Identity Theft Cybercrime Advertising Hacking

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. Paunescu was arrested in Romania in 2012, but was able to avoid extradition. SecurityAffairs – hacking, Gozi ). The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007.

Banking

Banking Malware Hacking Information Security

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. “In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”

Government

Government Energy and Utilities Malware Hacking

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

NOVEMBER 24, 2020

Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. Operators behind the botnet powered a massive adware campaign active since 2012, crooks mainly targeted users in Russia, Ukraine, Belarus, and Kazakhstan searching for pirated software. .”

Adware

Adware Malware Hacking Software

Hacking News Roundup: Even 'Fast Company' Isn't Safe

SecureWorld News

SEPTEMBER 30, 2022

The Yanluowang group is linked to "Evil Corp," the Lapsus$ gang (responsible for a recent Uber attack ), and FiveHands malware. APT28, or "Fancy Bear," is the threat group responsible for deploying the technique for delivering the Graphite malware. Here's one report of the incident. Google Play and Apple Store caught in adware scheme.

Adware

Adware Hacking Ransomware Retail

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . SecurityAffairs – hacking, cybercrime). ” states Cyble. ” concludes Cyble.

Cybercrime

Cybercrime Malware Hacking Information Security

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Security Affairs

JUNE 26, 2022

A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. Department of Justice brought charges against four Russian nationals suspected of using TRITON malware in cyber attacks on behalf of the Russian government between 2012 and 2018.

Cyber Attacks

Cyber Attacks Hacking Malware Government

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Telecommunications Advertising

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, ” reads the press release published DoJ.

Malware

Malware Cybercrime Data breaches Internet

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Security Affairs

JULY 25, 2022

The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).”

Ransomware

Ransomware Government Scams Hacking

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote access trojan (RAT), tracked as MysterySnail. SecurityAffairs – hacking, Windows).

Hacking

Hacking Malware Government Technology

Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

Security Affairs

DECEMBER 7, 2019

” The APT32 group, also known as OceanLotus Group, has been active since at least 2012 targeting organizations across multiple industries and foreign governments, dissidents, and journalists. The post Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Manufacturing Advertising Media

Hackers planting cyber crime evidence onto devices of innocent computer users

CyberSecurity Insiders

FEBRUARY 13, 2022

A report published by Sentinel One states that a hacking group named “Modified Elephant” was seen carrying out such criminal activities since 2012 and has started the game of planting criminal evidence on devices of innocent online users. Then how to keep such cyber crimes at bay?

Surveillance

Surveillance Passwords Malware Hacking

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. Attackers exploit this vulnerability in the wild to steal sensitive information, such as login credentials, or to spread malware to unsuspecting users.

Phishing

Phishing Manufacturing Firewall Cybercrime

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. The report details the execution flow for each of the above malware.

Malware

Malware Phishing Passwords Government

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

and Windows Server 2012 R2 systems. and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access. and Windows Server 2012 R2. and Windows Server 2012 R2,” reads Microsoft’s advisory. SecurityAffairs – hacking, privilege escalation). Pierluigi Paganini.

Advertising

Advertising Hacking Information Security Malware

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. SecurityAffairs – hacking, Dolphin backdoor). ” reads the post published by ESET. .

Accountability

Accountability Malware Cyber Attacks Media

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. SecurityAffairs – hacking, SideWinder). The experts observed some newly registered domains that were likely used to expand the list of targets in other countries. ” states Kaspersky.

Encryption

Encryption Malware Phishing Hacking

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1

Data breaches

Data breaches Advertising Passwords Hacking

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. SecurityAffairs – hacking, Facebook). ” concludes the report.”To

Retail

Retail Malware Mobile Accountability

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. The infection chain used by the threat actors relies on large LNK files running PowerShell, leading to the execution of the previously undetected malware. ” concludes the report.

Malware

Malware Education Media Phishing

Giving a Face to the Malware Proxy Service ‘Faceless’

The Olympics: a timeline of scams, hacks, and malware

Trending Sources

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Alleged FruitFly malware creator ruled incompetent to stand trial

A critical flaw in industrial automation systems opens to remote hack

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Microsoft Issues Emergency Fix for IE Zero Day

Security Experts Tie Covert Wiper Tool to Iranian Railway Infrastructure Hacking Attempt

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Actions Target Russian Govt. Botnet, Hydra Dark Market

Who’s Behind the Botnet-Based Service BHProxies?

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Colombian authorities arrested hacker behind the Gozi Virus

US indicted 4 Russian government employees for attacks on critical infrastructure

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Hacking News Roundup: Even 'Fast Company' Isn't Safe

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

Hackers planting cyber crime evidence onto devices of innocent computer users

Don’t trust links with known domains: BMW affected by redirect vulnerability

Technical analysis of China-linked Earth Preta APT’s infection chain

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

SideWinder carried out over 1,000 attacks since April 2020

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Threat actors are offering for sale 550 million stolen user records

Facebook links cyberespionage group APT32 to Vietnamese IT firm

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Stay Connected