2013, Hacking, Information Security and Malware

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. SecurityAffairs – hacking, Zloader). Zeus OpenSSL). Pierluigi Paganini.

Malware

Malware Banking Software Cybercrime

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. “Later in the conspiracy, Fahd had the bribed employees install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan. ” Pierluigi Paganini.

Hacking

Hacking Malware Cybercrime Information Security

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. At the end of October, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure.

Malware

Malware Spyware Advertising Government

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Security Affairs

NOVEMBER 23, 2023

The attackers used a malware-laced version of a legitimate CyberLink application installer that was signed using a valid certificate issued to CyberLink Corp. Microsoft has yet to identify “hands-on-keyboard activity” carried out by the attackers after the compromise via this malware.

Software

Software Malware Media Internet

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. SecurityAffairs – APT, hacking). Pierluigi Paganini.

Malware

Malware Banking Advertising Encryption

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. Weak passwords are the easiest way hackers can hack into a system. Pierluigi Paganini.

Data breaches

Data breaches Passwords Social Engineering Encryption

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime

Cybercrime Data breaches Malware Ransomware

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, SecurityAffairs – hacking, CVE-2020-1147). The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0

Hacking

Hacking Advertising Software Information Security

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. ” continues Microsoft.

Authentication

Authentication Malware Advertising Hacking

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware

Malware Phishing VPN Accountability

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. “We have seen this module implemented in two different languages: C# and VBScript” The arsenal of the group includes also multiple malware, most of them downloaders and backdoors. Pierluigi Paganini.

Malware

Malware Phishing Advertising Government

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The intrusions into the competitor’s systems took place repeatedly between 2013 and 2015. The intrusions into the competitor’s systems took place repeatedly between 2013 and 2015. Pierluigi Paganini.

Hacking

Hacking Passwords Accountability Cybercrime

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 “To deliver its exploit, the malware first queries the target with a simple “GET” request. A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced malware piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year.

Malware

Malware Encryption Advertising Mobile

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization. In 2016 and 2017, the hacking group The Shadow Brokers l eaked a bunch of data allegedly stolen from the Equation Group, including many hacking tools and exploits.

Encryption

Encryption Hacking Government Engineering

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. ” continues the expert. .

Hacking

Hacking Advertising Malware Engineering

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Security Affairs

JANUARY 1, 2022

Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013. SecurityAffairs – hacking, Y2k22).

Engineering

Engineering Malware Hacking Information Security

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. SecurityAffairs – hacking, FIN7). Pierluigi Paganini.

System Administration

System Administration Penetration Testing Malware Banking

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since 2013, it mainly focused on Pakistani and other South Asian targets.

Spyware

Spyware Surveillance Malware Mobile

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Ltd. (????) and Zhu Yunmin (???),

Hacking

Hacking Technology Government Malware

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. SecurityAffairs – hacking, Gamaredon). Pierluigi Paganini.

Government

Government Software Cyber threats Cyber Attacks

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

ua,” the campaign aims at infecting the target systems with malware. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. SecurityAffairs – hacking, Armageddon). The phishing messages have been sent from “vadim_melnik88@i[.]ua,”

Phishing

Phishing Government Hacking Malware

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. SecurityAffairs – hacking, Goontact). ” conclude the experts.

Spyware

Spyware Mobile Surveillance Malware

North Korea-linked TA406 cyberespionage group activity in 2021

Security Affairs

NOVEMBER 19, 2021

The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure. In March, the group orchestrated a malware campaign targeting North American entities.

Cryptocurrency

Cryptocurrency Malware Government Education

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. These are based on publicly disclosed incidents in the media or security reports.” SecurityAffairs – hacking, ransomware). ” reads the project description.

Ransomware

Ransomware Advertising Data collection Healthcare

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Malware

Malware Phishing Hacking Government

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

FEBRUARY 22, 2021

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years before it was leaked online by Shadow Brokers hackers.

Hacking

Hacking Malware Software Information Security

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” concludes the experts.

Malware

Malware Phishing DNS Cybercrime

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. ” read the analysis published Cisco Talos. ” continues the report.

Malware

Malware Phishing Hacking Information Security

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

The activities of the APT group were first uncovered by Kaspersky Lab in September 2013, at the time the researchers defined the crew as an emerging group of cyber-mercenaries that was able to carry out surgical hit and run operations against strategic targets. SecurityAffairs – cyberespionage, hacking). Pierluigi Paganini.

Malware

Malware Government Advertising Banking

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Security Affairs

JANUARY 2, 2022

This is not an issue with malware scanning or the malware engine, and it is not a security-related issue.” “The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.” SecurityAffairs – hacking, Y2k22 bug).

Engineering

Engineering Malware Hacking Information Security

Winnti APT continues to target game developers in Russia and abroad

Security Affairs

JANUARY 15, 2021

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Investigating the attack, the experts discover a number of new malware samples used by the attackers, including various droppers, loaders, and injectors. 229, referenced in a 2018 CrowdStrike report.

Malware

Malware Technology Software Information Security

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. SecurityAffairs – hacking, InvisiMole). ” reads the advisory published by CERT-UA.

Spyware

Spyware DNS Phishing Government

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

Security Affairs

JANUARY 10, 2023

StrongPity APT group has been active since at least 2013, it’s responsible for cyberespionage campaigns against Turkish targets. The group used zero-day exploits, social engineering tricks, and Trojanized software installers to deliver malware to their victims. SecurityAffairs – hacking, Android). ” continues the report.

Mobile

Mobile Social Engineering Malware Data collection

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

The malware was an info stealer and according to the researchers, it was part of a long-term campaign, tracked as “PhantomLance” that has been active at least since December 2015. We informed Google of the malware, and it was removed from the market shortly after.” SecurityAffairs – PhantomLance, hacking).

Malware

Malware Advertising Spyware Marketing

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Security Affairs

FEBRUARY 4, 2022

In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS. These clusters link to over 700 malicious domains, 215 IP addresses, and over 100 samples of malware. Pierluigi Paganini.

Government

Government Malware Phishing Software

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Security Affairs

JANUARY 8, 2022

The problem is caused by a bug in the FIP-FS anti-malware scanning engine. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013. SecurityAffairs – hacking, IKEA). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firewall

Firewall Engineering Firmware Malware

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. ” concludes ESET.

Malware

Malware Hacking Advertising Architecture

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Security Affairs

AUGUST 14, 2020

The CactusPete cyber-espionage group has been active since at least 2013, it has been mainly focused on military, diplomatic, and infrastructure targets in Asia and Eastern Europe. Since the malware contains mostly information gathering functionality, most likely they hack into organizations to gain access to the victims’ sensitive data.

Malware

Malware Advertising Phishing Hacking

Malaysia’s MyCERT warns cyber espionage campaign carried out by APT40

Security Affairs

FEBRUARY 10, 2020

Malaysia’s MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. The attackers aimed at stealing confidential documents from government systems after having infected them with malware. ” reads the alert issued by MyCERT.

Government

Government Advertising Malware Hacking

Experts detail a new Kimsuky social engineering campaign

Security Affairs

JUNE 8, 2023

The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013.

Social Engineering

Social Engineering Engineering Malware Risk

New ZLoader malware campaign hit more than 2000 victims across 111 countries

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Webinars

Trending Sources

Meet the Administrators of the RSOCKS Proxy Botnet

Webinars

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

North Korea-Linked APT Group Kimsuky spotted using new malware

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

North Korea-linked malware ATMDtrack infected ATMs in India

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Microsoft recommends Exchange admins to disable the SMBv1 protocol

CERT-UA warns of an ongoing SmokeLoader campaign

Gamaredon group uses a new Outlook tool to spread malware

Ticketmaster will pay $10 Million fine over hacking a competitor

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

BotenaGo botnet targets millions of IoT devices using 33 exploits

Attor malware was developed by one of the most sophisticated espionage groups

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Y2k22 bug in Microsoft Exchange causes failure in email delivery

A member of the FIN7 group was sentenced to 10 years in prison

Experts spotted two Android spyware used by Indian APT Confucius

US DoJ indicts four members of China-linked APT40 cyberespionage group

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Sextortion campaign uses Goontact spyware to target Android and iOS users

North Korea-linked TA406 cyberespionage group activity in 2021

CIRWA Project tracks ransomware attacks on critical infrastructure

Russia-linked Gamaredon APT continues to target Ukraine

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Threat actor has been targeting the aviation industry since at least 2018

Pakistan-linked Transparent Tribe APT expands its arsenal

Hunting the ICEFOG APT group after years of silence

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Winnti APT continues to target game developers in Russia and abroad

Russia-linked InvisiMole APT targets state organizations of Ukraine

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

PhantomLance, a four-year-long cyberespionage spying campaign

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Malaysia’s MyCERT warns cyber espionage campaign carried out by APT40

Experts detail a new Kimsuky social engineering campaign

Stay Connected