2013, Information Security and Malware - Cyber Security Informer

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). “Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013. ” the post enthuses.

Advertising

Advertising Cybercrime System Administration Hacking

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Security Affairs

AUGUST 28, 2024

million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware organization. “The U.S.

Malware

Malware Computers and Electronics Cybercrime Internet

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. banking Trojan and was used to spread Zeus-like banking trojan (i.e.

Malware

Malware Banking Software Cybercrime

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

Kimsukycyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researchers in 2013. At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure.

Phishing

Phishing Malware Security Intelligence Hacking

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

MAY 26, 2024

UAC-0006 has been active since at least 2013. The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. ” read the advisory published by CERT-UA. . ” read the advisory published by CERT-UA.

Malware

Malware Banking Accountability Phishing

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Security Affairs

APRIL 21, 2025

. “The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882) [1].” When opened, they execute PowerShell or Mshta to download malware like PebbleDash and RDP Wrapper, to control the infected systems.

Phishing

Phishing Malware Security Intelligence Hacking

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Security Affairs

JANUARY 21, 2025

Researchers found over 100 servers distributing Mirai malware and communicating with compromised IPs, indicating the campaign is ongoing. “Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. Most of the infected systems are in Malaysia, Thailand, Mexico, and Indonesia.

IoT

IoT Malware Hacking Cybercrime

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Hacking Encryption Penetration Testing

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. At the end of October, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure.

Malware

Malware Advertising Spyware Government

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Malware

Malware Phishing Security Intelligence Hacking

US Treasury imposes sanctions on a Russian research institute behind Triton malware

Security Affairs

OCTOBER 24, 2020

US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware. ” continues the press release.

Malware

Malware Government Hacking Cyber Attacks

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. “We have seen this module implemented in two different languages: C# and VBScript” The arsenal of the group includes also multiple malware, most of them downloaders and backdoors. Pierluigi Paganini.

Malware

Malware Phishing Advertising Government

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. ” reads the analysis published by Kaspersky.

Malware

Malware Banking Advertising Encryption

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. ” reads the analysis published by Intezer.

Manufacturing

Manufacturing Cybercrime Passwords Authentication

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced malware piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year.

Malware

Malware Encryption Advertising Mobile

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. Threat actors sent out emails attempting to impersonate Security Service of Ukraine (SSU) and contains a link to download a file named “Documents.zip.”

Government

Government Phishing Malware Banking

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. ” continues Microsoft.

Authentication

Authentication Malware Advertising Hacking

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since 2013, it mainly focused on Pakistani and other South Asian targets.

Spyware

Spyware Surveillance Malware Mobile

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 “To deliver its exploit, the malware first queries the target with a simple “GET” request. A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

By clicking on a malicious PDF, victims would unknowingly download malware, allowing the hackers to spy on their systems.” A spokesperson for Germany’s Federal Office for Information Security (BSI) confirmed that Kimsuky (aka APT43 ) is conducting a broader cyber campaign targeting Germany. defense contractors.

Manufacturing

Manufacturing Hacking Cyber Attacks Malware

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. ” continues the expert. .

Hacking

Hacking Advertising Malware Engineering

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. These are based on publicly disclosed incidents in the media or security reports.” The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.

Ransomware

Ransomware Advertising Data collection Healthcare

North Korea-linked APT used a new RAT called MoonPeak

Security Affairs

AUGUST 21, 2024

During the recent campaign, the threat actor distributed a variant of the open-source XenoRAT malware, dubbed ‘MoonPeak,’ which is a remote access trojan (RAT) actively developed by the group. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, MoonPeak malware)

Malware

Malware Phishing Hacking Information Security

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. The spyware is likely used as part of a sextortion campaign.

Spyware

Spyware Mobile Surveillance Malware

Prestige reservation platform exposes millions of hotel guests

Security Affairs

NOVEMBER 10, 2020

Exposed data, some of which go back to 2013, include sensitive information and credit card details. The availability of such kind of data could expose hotel guests to a wide range of malicious activities, including identity theft, phishing attacks, scams, malware attacks, and reservation takeover. According to the experts.

Identity Theft

Identity Theft Scams Phishing Malware

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. ” read the analysis published Cisco Talos. ” continues the report.

Malware

Malware Phishing Hacking Information Security

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

The activities of the APT group were first uncovered by Kaspersky Lab in September 2013, at the time the researchers defined the crew as an emerging group of cyber-mercenaries that was able to carry out surgical hit and run operations against strategic targets. Feedbacks and questions are welcome!

Malware

Malware Government Advertising Banking

Gamaredon targeted the military mission of a Western country based in Ukraine

Security Affairs

APRIL 10, 2025

Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Shuckworm is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a.

Hacking

Hacking Government Malware Risk

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Winnti APT continues to target game developers in Russia and abroad

Security Affairs

JANUARY 15, 2021

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Investigating the attack, the experts discover a number of new malware samples used by the attackers, including various droppers, loaders, and injectors. 229, referenced in a 2018 CrowdStrike report.

Malware

Malware Technology Software Information Security

Sophos Sandboxie is now available as an open-source tool

Security Affairs

APRIL 10, 2020

.” The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. Releasing the tool as the open-source, Sophos aims at engaging malware researchers to improve its Sandboxie with knowledge of the community. SecurityAffairs – Sandbox, malware). Pierluigi Paganini.

Advertising

Advertising Malware Marketing Technology

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Security Affairs

NOVEMBER 23, 2023

The attackers used a malware-laced version of a legitimate CyberLink application installer that was signed using a valid certificate issued to CyberLink Corp. Microsoft has yet to identify “hands-on-keyboard activity” carried out by the attackers after the compromise via this malware.

Software

Software Malware Media Internet

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. .” reads the announcement published by the SSU.

Government

Government Software Cyber threats Cyber Attacks

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” reads the analysis published by Cisco Talos.

Malware

Malware Phishing DNS Cybercrime

The parabola of a prolific cyber-criminal known as Dton

Security Affairs

MARCH 17, 2020

The man is active at least since 2013 and already earned at least $100,000 US from his ‘work,’ but researchers believe he has earned several times that amount. The experts were able to identify the man, his name is Bill Henry (25) from Benin City, Nigeria, his criminal activity include the theft of credit cards, phishing and malware attacks.

Cybercrime

Cybercrime Malware Advertising Phishing

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Security Affairs

AUGUST 14, 2020

The CactusPete cyber-espionage group has been active since at least 2013, it has been mainly focused on military, diplomatic, and infrastructure targets in Asia and Eastern Europe. Since the malware contains mostly information gathering functionality, most likely they hack into organizations to gain access to the victims’ sensitive data.

Malware

Malware Advertising Phishing Hacking

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. ” reads the press release published by DoJ.

System Administration

System Administration Penetration Testing Malware Hacking

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

at least since 2013. The Cycldek group was first spotted in September 2013, in past campaigns it mainly targeted entities in Southeast Asia using different malware variants, such as PlugX and HttpTunnel. ” reads the technical analysis of the malware.

Government

Government Malware Phishing Education

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

In 2013, AT&T implemented a new system to monitor the activity of the employees, for this reason, the Pakistani man corrupted the employees to install malware and other tools on the infrastructure of the company to unlock the devices remotely. SecurityAffairs – hacking, malware). Secret Service, IRS-CI and the U.S.

Hacking

Hacking Malware Cybercrime Information Security

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

The malware was an info stealer and according to the researchers, it was part of a long-term campaign, tracked as “PhantomLance” that has been active at least since December 2015. We informed Google of the malware, and it was removed from the market shortly after.” ” reads the analysis published by Kaspersky.

Malware

Malware Advertising Marketing Hacking

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

A second round of puzzles began one year later on January 4, 2013, and then a third round following the confirmation of a fresh clue posted on Twitter on January 4, 2014. Truesec researchers dissected a variant that targets VMware ESXi systems, which appears to be a version of the same malware for Windows.

Ransomware

Ransomware Encryption Malware Cybercrime

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Security Affairs

JANUARY 2, 2022

This is not an issue with malware scanning or the malware engine, and it is not a security-related issue.” “The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.”

Engineering

Engineering Malware Hacking Information Security

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Security Affairs

JANUARY 1, 2022

Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013.

Engineering

Engineering Malware Hacking Information Security

Meet the Administrators of the RSOCKS Proxy Botnet

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Trending Sources

New ZLoader malware campaign hit more than 2000 victims across 111 countries

North Korea-linked APT Emerald Sleet is using a new tactic

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

North Korea-Linked APT Group Kimsuky spotted using new malware

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

US Treasury imposes sanctions on a Russian research institute behind Triton malware

Gamaredon group uses a new Outlook tool to spread malware

North Korea-linked malware ATMDtrack infected ATMs in India

XE Group shifts from credit card skimming to exploiting zero-days

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Attor malware was developed by one of the most sophisticated espionage groups

CERT-UA warns of a phishing campaign targeting government entities

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Experts spotted two Android spyware used by Indian APT Confucius

BotenaGo botnet targets millions of IoT devices using 33 exploits

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

CIRWA Project tracks ransomware attacks on critical infrastructure

North Korea-linked APT used a new RAT called MoonPeak

Sextortion campaign uses Goontact spyware to target Android and iOS users

Prestige reservation platform exposes millions of hotel guests

Pakistan-linked Transparent Tribe APT expands its arsenal

Hunting the ICEFOG APT group after years of silence

Gamaredon targeted the military mission of a Western country based in Ukraine

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Winnti APT continues to target game developers in Russia and abroad

Sophos Sandboxie is now available as an open-source tool

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Threat actor has been targeting the aviation industry since at least 2018

The parabola of a prolific cyber-criminal known as Dton

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

A member of the FIN7 group was sentenced to 10 years in prison

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

PhantomLance, a four-year-long cyberespionage spying campaign

A new variant of Cicada ransomware targets VMware ESXi systems

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Stay Connected