2016, Hacking, Information Security and Phishing

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing

Phishing Ransomware Security Awareness Authentication

U.S. authorities charged an Iranian national for long-running hacking campaign

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. According to DoJ, from at least in or about 2016 through or about April 2021, Nasab and other co-conspirators carried out a coordinated multi-year campaign to breach computers worldwide. ” concludes DoJ.

Hacking

Hacking Identity Theft Social Engineering Accountability

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. The attack chain observed by the experts can vary significantly, but in most cases, threat actors used phishing messages with malicious attachments or malicious links. ” continues the report.

Malware

Malware Antivirus Manufacturing Healthcare

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Facebook ads used to steal 615000+ credentials in a phishing campaign

Security Affairs

JANUARY 1, 2021

Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. The landing pages are phishing pages that impersonate legitimate companies. ” continues the post.

Phishing

Phishing Scams Accountability Malware

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Government Phishing Malware

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

Security Affairs

APRIL 11, 2020

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. name=CVE-2016-9223.

Phishing

Phishing Advertising Healthcare Cyber Attacks

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The infamous Locky ransomware was first spotted in the wild in February 2016. CryptXXX, another major family discovered in April 2016 and later rebranded as UltraCrypter, relied on exploit kits that used software vulnerabilities to infiltrate systems. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. The Hancitor malware is distributed through phishing emails, or using compromised credentials, exploiting Microsoft Exchange vulnerabilities, or legitimate Remote Desktop Protocol (RDP) tools to gain initial access to a victim’s network.

Ransomware

Ransomware Hacking Malware Encryption

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The threat actors used the botnet harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools. The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). ” reported Trend Micro.

Phishing

Phishing Cryptocurrency Internet Internet

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Security Affairs

JULY 9, 2019

The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. SecurityAffairs – USCYBERCOM, hacking).

Malware

Malware InfoSec Advertising Government

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

Security Affairs

JULY 9, 2021

Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in phishing attacks. Most of the phishing attacks leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. SecurityAffairs – hacking, phishing).

Phishing

Phishing Social Engineering Banking Engineering

New phishing campaign targets bank customers with WSH RAT

Security Affairs

JUNE 17, 2019

Security researchers at Cofense have spotted a phishing campaign aimed at commercial banking customers distributing a new remote access trojan (RAT) tracked as WSH RAT. Threat actors are using the RAT to deliver keyloggers and information stealers. Within five days, WSH RAT was observed being actively distributed via phishing.

Banking

Banking Phishing Advertising Malware

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Government

Government Education Phishing Malware

San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

Security Affairs

OCTOBER 3, 2023

Our researchers found that the letters are dated between 2016 and 2021. Risk of plate cloning While the leaked parking permits are no longer valid, malicious actors could use the exposed data for identity theft and to craft spear phishing attacks. Researchers contacted MTC, and public access to the data was closed.

Identity Theft

Identity Theft Scams Risk Phishing

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. SecurityAffairs – hacking, nation-state hacking).

System Administration

System Administration Hacking Cyber threats Accountability

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . SecurityAffairs – hacking, spear-phishing).

Phishing

Phishing Government Hacking Accountability

Social Blade discloses security breach

Security Affairs

DECEMBER 16, 2022

However the company recommends users to change their password as a precaution and remain vigilant to recognize phishing attempts. This is not the first time that the Social Blade infrastructure was breached, in 2016, the company suffered another security breach. SecurityAffairs – hacking, Social Blade).

Data breaches

Data breaches Passwords Media Phishing

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . SecurityAffairs – hacking, North Korea).

Malware

Malware Phishing Antivirus Hacking

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Government

Government Phishing Accountability Hacking

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. Pierluigi Paganini.

Phishing

Phishing Accountability Advertising DNS

CISA and FBI warn of ongoing TrickBot attacks

Security Affairs

MARCH 19, 2021

On Wednesday, the two US agencies published an advisory to warn organizations of a new wave of attacks conducted by cybercrime actors that are leveraging a traffic infringement phishing scheme to trick victims into installing the TrickBot malware. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Phishing

Phishing Cybercrime Malware Ransomware

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. SecurityAffairs – hacking, Zebrocy).

Malware

Malware Phishing Government Data collection

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

Europol arrested 1800 money mules as part of an anti-money-laundering operation

Security Affairs

DECEMBER 2, 2021

The name EMMA is an acronym for European Money Mule Action operation, the first EMMA operation led by Europol took place in 2016. The money mules have a crucial role in criminal organizations to launder money for a wide array of illegal activities, such as online scams, sim-swapping, e-commerce fraud, and phishing. Pierluigi Paganini.

Banking

Banking Scams Phishing Media

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

” The infection chain begins with a spear-phishing message written in Spanish that includes a link that points to a website that further downloads a malicious ZIP archive on the victim’s machine. . SecurityAffairs – hacking, Log4Shell). ” reads the post published by Zscaler. ” concludes the report.

Banking

Banking Malware Antivirus Phishing

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). The cybercriminal had pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. SecurityAffairs – hacking, FIN7). in May 2020. Polite, Jr. Attorney Nicholas W.

Cybercrime

Cybercrime Hacking Software Phishing

U.S. Department of Defense discloses details about critical and high severity issues

Security Affairs

SEPTEMBER 4, 2020

They could: XSS Phishing Bypass domain security Steal sensitive user data, cookies, etc.” ” An attacker could exploit the issue to target visitors of the website with phishing and cross-site scripting attacks. . SecurityAffairs – hacking, U.S. Pierluigi Paganini. Department of Defense). The post U.S.

Advertising

Advertising Phishing Hacking Technology

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28)

Accountability

Accountability Government Phishing Authentication

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28)

Government

Government Telecommunications Accountability Phishing

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972). ” Visitors of compromised pages are redirected to malicious sites used to distribute malware and serve phishing pages. SecurityAffairs – hacking, Lunix Malware). WordPress – Yuzo Related Posts. Yellow Pencil Visual Theme Customizer Plugin.

Malware

Malware Hacking Accountability Phishing

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert provides information about tactics, techniques, and procedures (TTPs) associated with Russia-Linked threat actors, along with recommendations on incident response and mitigations. Russia-linked cyber-espionage groups have used common tactics, such as spear-phishing, and brute force attacks. Pierluigi Paganini.

Malware

Malware Cyber threats Cybersecurity Government

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

AUGUST 25, 2021

The group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data. Tune the e-mail security solution to automatically discard malicious or suspicious attachments. SecurityAffairs – hacking, FIN8). Pierluigi Paganini.

Retail

Retail Insurance Malware Phishing

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. SecurityAffairs – hacking, Donot Team). ” reads the report published by Morphisec. Pierluigi Paganini.

Malware

Malware Spyware Phishing Government

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic Leopard) was first spotted by Proofpoint Researchers in Feb 2016, in a series of cyber espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. SecurityAffairs – hacking, APT). Pierluigi Paganini.

Malware

Malware Phishing Hacking Information Security

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. While there are numerous approaches to promoting a more cyber secure workplace, here are the most common and effective ways: Trick Employees via a Phishing Campaign.

Cybersecurity

Cybersecurity Data privacy Data breaches Phishing

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. The wAgent backdoor allows the attackers to executed various shell commands to gather information from the infected device. . SecurityAffairs – hacking, North Korea).

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. SecurityAffairs – hacking, APT28). The post Microsoft disrupted APT28 attacks on Ukraine through a court order appeared first on Security Affairs.

Government

Government Media Malware Hacking

North Korea-linked APT37 targets South with RokRat Trojan

Security Affairs

JANUARY 7, 2021

” The VBA self-decoding technique is not a novelty, the threat actor is using it since 2016. “The primary initial infection vector used by APT37 is spear phishing, in which the actor sends an email to a target that is weaponized with a malicious document. SecurityAffairs – hacking, APT37). Pierluigi Paganini.

Government

Government Phishing Encryption Malware

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The group was involved also in the string of attacks that targeted 2016 Presidential election. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. SecurityAffairs – hacking, Russia). The post Mandiant identifies 3 hacktivist groups working in support of Russia appeared first on Security Affairs.

DDOS

DDOS Cyber threats Phishing Hacking

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

U.S. authorities charged an Iranian national for long-running hacking campaign

Trending Sources

TrickGate, a packer used by malware to evade detection since 2016

Cybercriminals Use Azure Front Door in Phishing Attacks

Facebook ads used to steal 615000+ credentials in a phishing campaign

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Russia-linked APT28 and crooks are still using the Moobot botnet

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

New phishing campaign targets bank customers with WSH RAT

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

Microsoft to notify Office 365 users of nation-state attacks

Google warns of APT28 attack attempts against 14,000 Gmail users

Social Blade discloses security breach

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Russia-linked APT28 has been scanning vulnerable email servers in the last year

CISA and FBI warn of ongoing TrickBot attacks

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Europol arrested 1800 money mules as part of an anti-money-laundering operation

Grandoreiro banking malware targets Mexico and Spain

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

A Ukrainian man is the third FIN7 member sentenced in the United States

U.S. Department of Defense discloses details about critical and high severity issues

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

New Linux malware targets WordPress sites by exploiting 30 bugs

Russia-linked threat actors targets critical infrastructure, US authorities warn

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Donot Team cyberespionage group updates its Windows malware framework

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Pakistan-linked Transparent Tribe APT expands its arsenal

Ways to Develop a Cybersecurity Training Program for Employees

North Korea-linked Lazarus APT targets the COVID-19 research

Microsoft disrupted APT28 attacks on Ukraine through a court order

North Korea-linked APT37 targets South with RokRat Trojan

Mandiant identifies 3 hacktivist groups working in support of Russia

Stay Connected