2013, Information Security and Malware - Cyber Security Informer

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. banking Trojan and was used to spread Zeus-like banking trojan (i.e.

Malware

Malware Banking Software Cybercrime

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). “Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013. ” the post enthuses.

Advertising

Advertising Cybercrime System Administration Hacking

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. At the end of October, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure.

Malware

Malware Spyware Advertising Government

Benefits of a Website Malware Scanner

SiteLock

AUGUST 27, 2021

A recent report from PandaLabs suggests that “there were twice as many malware infections in 2014 compared to 2013” and that 2015 could be even worse. Today’s attacks are becoming increasingly sophisticated, and a simple malware injection can compromise your entire database. Automatic remediation of known threats.

Malware

Malware Penetration Testing Insurance DDOS

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. ” reads the analysis published by Kaspersky.

Malware

Malware Banking Advertising Encryption

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. “We have seen this module implemented in two different languages: C# and VBScript” The arsenal of the group includes also multiple malware, most of them downloaders and backdoors. Pierluigi Paganini.

Malware

Malware Phishing Advertising Government

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced malware piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year.

Malware

Malware Encryption Advertising Mobile

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Security Affairs

NOVEMBER 23, 2023

The attackers used a malware-laced version of a legitimate CyberLink application installer that was signed using a valid certificate issued to CyberLink Corp. Microsoft has yet to identify “hands-on-keyboard activity” carried out by the attackers after the compromise via this malware.

Software

Software Malware Media Internet

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware

Malware Phishing VPN Accountability

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 “To deliver its exploit, the malware first queries the target with a simple “GET” request. A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. ” continues Microsoft.

Authentication

Authentication Malware Advertising Hacking

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. Near the holiday season of 2013, hackers exposed the credit and debit card information of over 110 million Target customers. Here are three of the worst data breaches that could have been avoided: Yahoo. Pierluigi Paganini.

Data breaches

Data breaches Passwords Social Engineering Encryption

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since 2013, it mainly focused on Pakistani and other South Asian targets.

Spyware

Spyware Surveillance Malware Mobile

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Security Affairs

JANUARY 1, 2022

Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013.

Engineering

Engineering Malware Hacking Information Security

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

The activities of the APT group were first uncovered by Kaspersky Lab in September 2013, at the time the researchers defined the crew as an emerging group of cyber-mercenaries that was able to carry out surgical hit and run operations against strategic targets. Feedbacks and questions are welcome!

Malware

Malware Government Advertising Banking

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. .” reads the announcement published by the SSU.

Government

Government Software Cyber threats Cyber Attacks

Winnti APT continues to target game developers in Russia and abroad

Security Affairs

JANUARY 15, 2021

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Investigating the attack, the experts discover a number of new malware samples used by the attackers, including various droppers, loaders, and injectors. 229, referenced in a 2018 CrowdStrike report.

Malware

Malware Technology Software Information Security

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” reads the analysis published by Cisco Talos.

Malware

Malware Phishing DNS Cybercrime

North Korea-linked TA406 cyberespionage group activity in 2021

Security Affairs

NOVEMBER 19, 2021

The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure. In March, the group orchestrated a malware campaign targeting North American entities.

Cryptocurrency

Cryptocurrency Malware Government Education

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. The spyware is likely used as part of a sextortion campaign.

Spyware

Spyware Mobile Surveillance Malware

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Malware

Malware Phishing Hacking Government

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. These are based on publicly disclosed incidents in the media or security reports.” The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.

Ransomware

Ransomware Advertising Data collection Healthcare

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. ” read the analysis published Cisco Talos. ” continues the report.

Malware

Malware Phishing Hacking Information Security

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. ” continues the expert. .

Hacking

Hacking Advertising Malware Engineering

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The skip-2.0 by its authors and part of the Winnti Group’s arsenal.”

Malware

Malware Passwords Advertising DNS

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Security Affairs

JANUARY 2, 2022

This is not an issue with malware scanning or the malware engine, and it is not a security-related issue.” “The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.”

Engineering

Engineering Malware Hacking Information Security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

Sophos Sandboxie is now available as an open-source tool

Security Affairs

APRIL 10, 2020

.” The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. Releasing the tool as the open-source, Sophos aims at engaging malware researchers to improve its Sandboxie with knowledge of the community. SecurityAffairs – Sandbox, malware). Pierluigi Paganini.

Advertising

Advertising Malware Marketing Technology

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

ua,” the campaign aims at infecting the target systems with malware. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. The phishing messages have been sent from “vadim_melnik88@i[.]ua,”

Phishing

Phishing Government Hacking Malware

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Security Affairs

FEBRUARY 4, 2022

In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS. These clusters link to over 700 malicious domains, 215 IP addresses, and over 100 samples of malware.

Government

Government Malware Phishing Software

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. ” reads the press release published by DoJ.

System Administration

System Administration Penetration Testing Malware Banking

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

Security Affairs

JANUARY 10, 2023

StrongPity APT group has been active since at least 2013, it’s responsible for cyberespionage campaigns against Turkish targets. The group used zero-day exploits, social engineering tricks, and Trojanized software installers to deliver malware to their victims. ” continues the report. ” concludes the report.

Mobile

Mobile Social Engineering Malware Data collection

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

In 2013, AT&T implemented a new system to monitor the activity of the employees, for this reason, the Pakistani man corrupted the employees to install malware and other tools on the infrastructure of the company to unlock the devices remotely. SecurityAffairs – hacking, malware). Secret Service, IRS-CI and the U.S.

Hacking

Hacking Malware Cybercrime Information Security

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. The LoadEdge backdoor maintains persistence through the Windows registry.

Spyware

Spyware DNS Phishing Government

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Security Affairs

JANUARY 8, 2022

The problem is caused by a bug in the FIP-FS anti-malware scanning engine. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013.

Firewall

Firewall Engineering Firmware Malware

Experts detail a new Kimsuky social engineering campaign

Security Affairs

JUNE 8, 2023

The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013.

Social Engineering

Social Engineering Engineering Malware Risk

The parabola of a prolific cyber-criminal known as Dton

Security Affairs

MARCH 17, 2020

The man is active at least since 2013 and already earned at least $100,000 US from his ‘work,’ but researchers believe he has earned several times that amount. The experts were able to identify the man, his name is Bill Henry (25) from Benin City, Nigeria, his criminal activity include the theft of credit cards, phishing and malware attacks.

Cybercrime

Cybercrime Malware Advertising Phishing

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization. The experts extracted the backdoor from Linux systems “during an in-depth forensic investigation of a host in a key domestic department.”

Encryption

Encryption Hacking Government Engineering

Russian Gamaredon APT is targeting Ukraine since October

Security Affairs

FEBRUARY 6, 2022

In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS. These clusters link to over 700 malicious domains, 215 IP addresses, and over 100 samples of malware.

Government

Government Phishing Malware Hacking

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Security Affairs

AUGUST 14, 2020

The CactusPete cyber-espionage group has been active since at least 2013, it has been mainly focused on military, diplomatic, and infrastructure targets in Asia and Eastern Europe. Since the malware contains mostly information gathering functionality, most likely they hack into organizations to gain access to the victims’ sensitive data.

Malware

Malware Advertising Phishing Hacking

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. According to the indictment, threat actors hit targets with spearphishing messages, their arsenal includes sophisticated malware, including custom-made malicious code.

Hacking

Hacking Technology Government Malware

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

FEBRUARY 22, 2021

In 2015, Kaspersky first spotted the NSA Equation Group, it revealed it was operating since at least 2001 and targeted almost any industry with sophisticated zero-day malware. EpMe dates back to at least 2013 – four years before APT31 was caught exploiting this vulnerability in the wild.”

Hacking

Hacking Malware Software Information Security

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Meet the Administrators of the RSOCKS Proxy Botnet

Trending Sources

North Korea-Linked APT Group Kimsuky spotted using new malware

Benefits of a Website Malware Scanner

North Korea-linked malware ATMDtrack infected ATMs in India

Gamaredon group uses a new Outlook tool to spread malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Attor malware was developed by one of the most sophisticated espionage groups

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

CERT-UA warns of an ongoing SmokeLoader campaign

BotenaGo botnet targets millions of IoT devices using 33 exploits

Microsoft recommends Exchange admins to disable the SMBv1 protocol

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Experts spotted two Android spyware used by Indian APT Confucius

Y2k22 bug in Microsoft Exchange causes failure in email delivery

Hunting the ICEFOG APT group after years of silence

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Winnti APT continues to target game developers in Russia and abroad

Threat actor has been targeting the aviation industry since at least 2018

North Korea-linked TA406 cyberespionage group activity in 2021

Sextortion campaign uses Goontact spyware to target Android and iOS users

Russia-linked Gamaredon APT continues to target Ukraine

CIRWA Project tracks ransomware attacks on critical infrastructure

Pakistan-linked Transparent Tribe APT expands its arsenal

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Sophos Sandboxie is now available as an open-source tool

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

A member of the FIN7 group was sentenced to 10 years in prison

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Russia-linked InvisiMole APT targets state organizations of Ukraine

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug

Experts detail a new Kimsuky social engineering campaign

The parabola of a prolific cyber-criminal known as Dton

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Russian Gamaredon APT is targeting Ukraine since October

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

US DoJ indicts four members of China-linked APT40 cyberespionage group

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Stay Connected