2017, Information Security, Malware and Phishing

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. Pierluigi Paganini.

Malware

Malware Phishing Banking Hacking

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing

Phishing Adware Retail Malware

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide technical details on a new wave of attacks delivering the KONNI remote access Trojan (RAT). The malware has been active since at least 2014, it was undetected for more than 3 years and was used in highly targeted attacks. Pierluigi Paganini.

Phishing

Phishing Malware Advertising Architecture

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware

Malware Phishing Passwords Media

Threat actors target the Ukrainian gov with IcedID malware

Security Affairs

APRIL 16, 2022

Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. Patch 1 and 8.8.x x before 8.8.7

Malware

Malware Phishing Banking Government

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware.

Malware

Malware Scams Social Engineering Phishing

Australian ACSC ‘s report confirms the use of Chinese malware in recent attacks

Security Affairs

JUNE 28, 2020

In many cases, attackers targeted unpatched versions of Telerik user interface (UI) by exploiting CVE-2019-18935 , CVE-2017-9248 , CVE-2017-11317 , CVE-2017-11357 vulnerabilities. “The ACSC has identified instances where users have executed malware embedded in email attachments. Pierluigi Paganini.

Malware

Malware Advertising Government Cyber Attacks

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Security Affairs

OCTOBER 3, 2021

TA544 is a financially motivated threat actor that is active at least since 2017, it focuses on attacks on banking users, it leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan. Upon enabling the macro, the infection process will start. Pierluigi Paganini.

Malware

Malware Banking Social Engineering Retail

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

Security Affairs

JULY 9, 2019

The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. ” reads the report.

Malware

Malware InfoSec Advertising Government

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. ” concludes the report.

Encryption

Encryption Malware Phishing Hacking

North Korea-linked Konni APT targets Russian diplomatic bodies

Security Affairs

JANUARY 6, 2022

North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants.

Phishing

Phishing Malware Hacking Accountability

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle.

Phishing

Phishing Malware Antivirus Encryption

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware

Malware Phishing Antivirus Hacking

China-linked Space Pirates APT targets the Russian aerospace industry

Security Affairs

MAY 19, 2022

A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017, researchers believe it is linked with other China-linked APT groups, including APT41 (Winnti), Mustang Panda , and APT27.

Malware

Malware Phishing Government Hacking

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The threat actors launched spear-phishing campaigns against the victims, in some cases, the messages contained information related to the victims which were not publicly available. The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability.

Encryption

Encryption Antivirus Malware Hacking

CISA and FBI warn of Truebot infecting US and Canada based organizations

Security Affairs

JULY 6, 2023

A new variant of the Truebot malware was used in attacks against organizations in the United States and Canada. ALERT: Increased #Truebot malware activity targets U.S. & The attackers use the malware to escalate privileges and maintain persistence on the compromised systems. & Canada organizations.

Malware

Malware Cyber threats Phishing Hacking

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

School district IT leaders grade their handling of past malware attacks

SC Magazine

MARCH 15, 2021

The school districts of Rockford, Illinois and Rockingham County, North Carolina learned some very valuable lessons in transparency and communication, timely incident response, access management, data redundancy and disaster recovery after each experienced a debilitating malware attack years ago. It appears the training has been effective.

Malware

Malware Backups Education Ransomware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and reploy malware on unpatched Cisco routers. government institutions, and about 250 Ukrainian victims. ” reads the joint advisory.

Malware

Malware Firmware Government Education

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. GorjolEcho maintains persistence by copying the initial stages malware in a StartUp entry.

Malware

Malware VPN Media Encryption

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

. “According to the indictment, between May and September 2017, the defendant and co-conspirators hacked the systems of a foreign refinery and installed malware, which cyber security researchers have referred to as “Triton” or “Trisis,” on a safety system produced by Schneider Electric, a multinational corporation.

Government

Government Energy and Utilities Malware Hacking

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. “I’ve never seen this volume of phishing,” Rogers told Reuters. “I

Cybersecurity

Cybersecurity Cyber threats Government Phishing

Grandoreiro Malware implements new features in Q2 2020

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. Technical Analysis. 100:51224/$rdgate?

Malware

Malware Banking Advertising Data collection

XLoader, a $49 spyware that could target both Windows and macOS devices

Security Affairs

JULY 21, 2021

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. Thus, a “Malware-as-a-Service” scheme is used. ” continues the report.

Spyware

Spyware Malware Cybercrime Advertising

Most ransomware attacks take place outside the working hours

Security Affairs

MARCH 17, 2020

FireEye compiled the report using data from dozens of ransomware infections that it has investigated from 2017 to 2019. The timing of the ransomware attacks is not casual, attackers attempt to deploy the malware when the presence of the IT staff is reduced and the likelihood to be detected is low.

Ransomware

Ransomware Advertising Malware Cybercrime

Unprecedented cyber attack hit State Infrastructure of Montenegro

Security Affairs

AUGUST 27, 2022

In June 2017, Montenegro was targeted by the Russia-linked hacker group APT28 after Montenegro officially joined NATO alliance despite the strong opposition from the Russian Government that threatened to retaliate. Abazovic said it was politically motivated following the fall of his government last week.” ” reported the Reuters.

Cyber Attacks

Cyber Attacks Government Telecommunications Malware

Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

Security Affairs

JULY 24, 2022

The attackers employed the Konni RAT (remote access trojan), which was first spotted by Cisco Talos researchers in 2017 and has been undetected since 2014 while being employed in highly targeted attacks. The attack chain starts with phishing messages that attempt to trick victims into opening a malicious attachment. Pierluigi Paganini.

Malware

Malware Encryption Phishing Hacking

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. Since 2017, there have been no traces of Groundbait and BugDrop operations.

Malware

Malware Spyware Encryption Phishing

China-linked APT Sharp Panda targets government entities in Southeast Asia

Security Affairs

MARCH 8, 2023

The researchers pointed out that this is the first time the Soul malware framework is attributed to a known cluster of malicious activity, although it was previously used in attacks targeting the defense, healthcare, and ICT sectors in Southeast Asia. t Downloader and a second-stage loader that delivers the final backdoor.

Government

Government Malware Architecture Healthcare

New APT ChamelGang Targets energy and aviation companies in Russia

Security Affairs

OCTOBER 4, 2021

In March, the cyberespionage group was observed leveraging ProxyShell against targets in 10 countries and used a variety of malware in its campaign. FRP, Cobalt Strike Beacon, and Tiny Shell) and previously undetected malware tracked as ProxyT, BeaconLoader and the DoorMe backdoor. ” reads the analysis published by the experts.

Energy and Utilities

Energy and Utilities Malware Technology Antivirus

DRBControl cyber-espionage group targets gambling, betting companies

Security Affairs

FEBRUARY 19, 2020

The DRBControl APT group has been targeting gambling and betting companies worldwide with malware that links to two China-linked APT groups. Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware.

Malware

Malware Advertising Phishing Passwords

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

JULY 30, 2020

The attackers sent out spear-phishing emails using boobytrapped documents leveraging the fake job offer as bait. Threat actors behind this campaign are utilizing compromised infrastructure from multiple European countries to host their C2 infrastructure and distribute the malware to the targets.

Advertising

Advertising Data collection Malware Phishing

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.”

Phishing

Phishing Government Hacking Accountability

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

MAY 9, 2020

30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed malware campaigns.” ” Between January 30 and April 30, 2020, the researchers observed three SilverTerrier groups launching ten COVID-19-themed malware campaigns, some of them also targeted organizations involved in the COVID-19 response.

Healthcare

Healthcare Government Energy and Utilities Insurance

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Why we’re in the ‘Golden Age’ of cyber espionageThe fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. Apps from other sources can carry malware or spyware.

Passwords

Passwords Password Management Antivirus Internet

Earth Empusa targets minority group with Android ActionSpy spyware

Security Affairs

JUNE 15, 2020

The threat actors are spreading the malware through watering hole attacks targeting Tibet, Turkey, and Taiwan, The malware was first spotted in April 2020, but experts believe the ActionSpy spyware has been active at least since 2017.

Spyware

Spyware Advertising Encryption Phishing

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

Malaysia’s MyCERT warns cyber espionage campaign carried out by APT40

Security Affairs

FEBRUARY 10, 2020

The attackers aimed at stealing confidential documents from government systems after having infected them with malware. The attackers exploit the CVE-2014-6352 and CVE-2017-0199 Office vulnerabilities to drop and execute the malware on the victim’s computer. ” reads the alert issued by MyCERT.

Government

Government Advertising Malware Hacking

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

million customers impacted. million customers impacted. million customers impacted. million customers impacted.

Data breaches

Data breaches Hacking Cryptocurrency Scams

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information,” said U.S. Polite, Jr. of the Justice Department’s Criminal Division. “Mr. Attorney Nicholas W. Brown of the Western District of Washington. .

Cybercrime

Cybercrime Hacking Software Phishing

FBI is helping Montenegro in investigating the ongoing cyberattack

Security Affairs

SEPTEMBER 1, 2022

The National Security Agency said that Montenegro was “under a hybrid war at the moment.”. The state has been a Russian ally since 2017 when it joined NATO despite strong opposition from Russia, it also expressed support to Ukraine after its invasion. The Government believes that the attack was orchestrated by a nation-state actor.

Government

Government Cyber Attacks Telecommunications Malware

IcedID malware campaign targets Zoom users

China-based Fangxiao group behind a long-running phishing campaign

Webinars

Trending Sources

CISA warns of phishing attacks delivering KONNI RAT

Webinars

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Threat actors target the Ukrainian gov with IcedID malware

New Coronavirus-themed malspam campaign delivers FormBook Malware

Australian ACSC ‘s report confirms the use of Chinese malware in recent attacks

Wannacry, the hybrid malware that brought the world to its knees

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016

North Korea-linked Konni APT uses Russian-language weaponized documents

North Korea-linked Konni APT targets Russian diplomatic bodies

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Google TAG warns of Russia-linked APT groups targeting Ukraine

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

China-linked Space Pirates APT targets the Russian aerospace industry

Chinese actors behind attacks on industrial enterprises and public institutions

CISA and FBI warn of Truebot infecting US and Canada based organizations

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

School district IT leaders grade their handling of past malware attacks

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Iran-linked APT TA453 targets Windows and macOS systems

US indicted 4 Russian government employees for attacks on critical infrastructure

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Grandoreiro Malware implements new features in Q2 2020

XLoader, a $49 spyware that could target both Windows and macOS devices

Most ransomware attacks take place outside the working hours

Unprecedented cyber attack hit State Infrastructure of Montenegro

Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

China-linked APT Sharp Panda targets government entities in Southeast Asia

New APT ChamelGang Targets energy and aviation companies in Russia

DRBControl cyber-espionage group targets gambling, betting companies

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Earth Empusa targets minority group with Android ActionSpy spyware

Microsoft sued North Korea-linked Thallium group

Malaysia’s MyCERT warns cyber espionage campaign carried out by APT40

Security Affairs newsletter Round 318

A Ukrainian man is the third FIN7 member sentenced in the United States

FBI is helping Montenegro in investigating the ongoing cyberattack

Stay Connected