2012, Information Security and Malware - Cyber Security Informer

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system.

Malware

Malware Phishing Government Passwords

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. SecurityAffairs – LimeRAT, malware).

Malware

Malware Passwords Encryption Advertising

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Passwords

School Gives Malware Infected Laptops to Students

SecureWorld News

JANUARY 23, 2021

Unfortunately, a number of the laptops sent out were discovered to have malware. English students' laptops infected with malware. BBC News has reported that upon delivery of the laptops to students, teachers began sharing information on an online forum about suspicious files found on laptops that went to Bradford school students.

Malware

Malware Education Spyware Government

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. The malware also supports multiple evasion capabilities.

Spyware

Spyware Malware Architecture Encryption

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

NOVEMBER 24, 2020

Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. Operators behind the botnet powered a massive adware campaign active since 2012, crooks mainly targeted users in Russia, Ukraine, Belarus, and Kazakhstan searching for pirated software. .”

Adware

Adware Malware Hacking Software

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. Paunescu was arrested in Romania in 2012, but was able to avoid extradition. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007.

Banking

Banking Malware Hacking Information Security

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. SAP redirect vulnerability is a security issue that affects web application servers for SAP products (SAP NetWeaver Application Server Java).

Phishing

Phishing Manufacturing Firewall Cybercrime

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Telecommunications Advertising

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. The conspirators designed the Triton malware to prevent the refinery’s safety systems from functioning (i.e., ” continues the DoJ.

Government

Government Energy and Utilities Malware Hacking

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . “The TA is willing to buy the following things with the deposited money.”

Cybercrime

Cybercrime Malware Hacking Information Security

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, ” reads the press release published DoJ.

Malware

Malware Cybercrime Data breaches Internet

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

Fahd was the mind behind a criminal scheme that begun in 2012 and that caused more than $200 million in losses to the company, according to DoJ, he continued his activity even after he became aware that law enforcement was investigating. SecurityAffairs – hacking, malware). ” reads the press release published by DoJ.

Hacking

Hacking Malware Cybercrime Information Security

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

Trend Micro researchers reported that the China-linked Earth Preta group (aka Mustang Panda ) is actively changing its tools, tactics, and procedures (TTPs) to bypass security solutions. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system.

Malware

Malware Phishing Passwords Government

Japan Suffered Record Number of Privacy and Security Violations in 2020

Hot for Security

FEBRUARY 23, 2021

88 publicly traded companies in Japan compromised personal information last year, either because of a malware infection or misconfigured access protocols. Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times.

Accountability

Accountability Information Security Malware Data breaches

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Microsoft released an Out-of-Band security update to address privilege escalation flaws in Windows 8.1 and Windows Server 2012 R2 systems. Microsoft released this week an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access.

Advertising

Advertising Hacking Information Security Malware

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Security Affairs

JULY 25, 2022

“From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” The introduction of the bug bounty program made the headlines, it is the first ransomware gang asking cyber security experts to submit bugs in their malware to improve it.

Ransomware

Ransomware Government Scams Hacking

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The group stands out for the high frequency and persistence of its attacks, researchers believe that the APT group has carried out over 1,000 attacks since April 2020. ” states Kaspersky.

Encryption

Encryption Malware Phishing Hacking

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Security Affairs

JUNE 26, 2022

ICS malware like TRITON , which experts associated with Russia-linked APT group XENOTIME , has offensive capabilities to shut down industrial safety controls and cause extensive damages to industrial facilities. Experts speculate a cyber attack may have turned off the industrial safety controls at the natural gas facility.

Cyber Attacks

Cyber Attacks Hacking Malware Government

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016.

Accountability

Accountability Malware Cyber Attacks Media

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1

Data breaches

Data breaches Advertising Passwords Hacking

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763). ” concludes Kaspersky.

Hacking

Hacking Malware Government Technology

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. The infection chain used by the threat actors relies on large LNK files running PowerShell, leading to the execution of the previously undetected malware. ” concludes the report.

Malware

Malware Education Media Phishing

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. APT32 also carried out watering hole attacks through compromised websites or their own sites.

Retail

Retail Malware Mobile Accountability

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

Chinese threat actor Scarab targets Ukraine, CERT-UA warns

Security Affairs

MARCH 25, 2022

Scarab APT was first spotted in 2015, but experts believe it has been active since at least 2012, conducting surgical attacks against a small number of individuals across the world, including Russia and the United States. The attacker spread their malware through phishing messages using weaponized documents that deploy the HeaderTip malware.

Malware

Malware Phishing Hacking Information Security

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box Upon execution, the bot prints xXxSlicexXxxVEGA. to the console. If a botnet process already exists, the botnet client will and exit.

IoT

IoT DDOS Encryption Malware

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

net), a popular hacking forum a place frequented by hackers, malware authors, scammers and cybercriminals. XakFor has been active since 2012, most of its visitors were Russian-speaking hackers and crooks. Not all the malware were authentic, some of them were cracked versions, while other s were backdoored. Pierluigi Paganini.

Advertising

Advertising Malware Cybercrime Hacking

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2012-0158 is a critical remote code execution (RCE) vulnerability that affected Microsoft Office. . SecurityAffairs – Asruex Trojan, malware).

Malware

Malware Spyware Advertising Encryption

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. The threat actor employed malware like BabyShark that were hosted on Google Drive in the form of blank files or ISO image files.

Phishing

Phishing Media Passwords Malware

Microsoft disrupted US-Based Infrastructure of the Necurs botnet

Security Affairs

MARCH 10, 2020

Necurs botnet is one of the largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. SecurityAffairs – malware, Necurs botnet). million spam messages to more than 40.6

Advertising

Advertising Malware Cybercrime Government

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. Court documents didn't reveal why DDC didn't act on the alerts, but three months after, the same MSP notified DDC again, this time about Cobalt Strike malware activity in its network.

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

In 2012, LinkedIn was hit with a breach and more than 6.5 Peace, the same Russian hacker responsible for the Myspace data breach, put the stolen LinkedIn data from 2012 up for sale on the dark web. Instead, it’s believed that hackers used malware to collect the information by combining data from other recent breaches.

Data breaches

Data breaches Media Passwords Accountability

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware

Malware Advertising System Administration Spyware

Experts uncovered a new wave of attacks conducted by Mustang Panda

Security Affairs

MAY 9, 2022

MustangPanda, also known as “RedDelta” or “Bronze President,” has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. ” reads the report published by Cisco Talos.

Government

Government Malware Phishing Hacking

Security Affairs newsletter Round 355

Security Affairs

FEBRUARY 28, 2022

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? worth of NFTs from tens of OpenSea users Trickbot operation is now controlled by Conti ransomware.

Ransomware

Ransomware Malware Encryption Phishing

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

Legitimate software abused by threat actors are: • ARO 2012 Tutorial 8.0.12.0 • VirusScan On-Demand Scan Task Properties (McAfee, Inc.) • Sandboxie COM Services (BITS) 3.55.06 (SANDBOXIE L.T.D) • Outlook Item Finder 11.0.5510 (Microsoft Corporation) • Mobile Popup Application 16.00 (Quick Heal Technologies (P) Ltd.). .”

Backups

Backups Malware Mobile Passwords

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

In 2012 a British judge ruled WikiLeaks founder Julian Assange should be extradited to Sweden to face allegations of sexual assault there, but Assange received political asylum from Ecuador and spent the last years in its London embassy.

Government

Government Risk Passwords Hacking

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Alleged FruitFly malware creator ruled incompetent to stand trial

Trending Sources

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

School Gives Malware Infected Laptops to Students

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Microsoft recommends Exchange admins to disable the SMBv1 protocol

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Colombian authorities arrested hacker behind the Gozi Virus

Don’t trust links with known domains: BMW affected by redirect vulnerability

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

US indicted 4 Russian government employees for attacks on critical infrastructure

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Technical analysis of China-linked Earth Preta APT’s infection chain

Japan Suffered Record Number of Privacy and Security Violations in 2020

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

SideWinder carried out over 1,000 attacks since April 2020

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Threat actors are offering for sale 550 million stolen user records

Chinese APT IronHusky use Win zero-day in recent wave of attacks

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Facebook links cyberespionage group APT32 to Vietnamese IT firm

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Chinese threat actor Scarab targets Ukraine, CERT-UA warns

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

A critical flaw in industrial automation systems opens to remote hack

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Microsoft disrupted US-Based Infrastructure of the Necurs botnet

DNA testing company fined after customer data theft

Cybercriminals are Oversharing with Social Media Data Breaches

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Experts uncovered a new wave of attacks conducted by Mustang Panda

Security Affairs newsletter Round 355

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

British Court rejects the US’s request to extradite Julian Assange

Stay Connected