2020, Cybercrime, Information Security and Malware

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. We strongly recommend patching.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Incident response analyst report 2020

SecureList

SEPTEMBER 13, 2021

The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Geography of incident responses by region, 2020.

Social Engineering

Social Engineering Healthcare Ransomware Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The cybercrime gang has been active since at least January 2020. SecurityAffairs – hacking, cybercrime). ” concludes the experts.

Cybercrime

Cybercrime Malware Cryptocurrency Hacking

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

Security Affairs

DECEMBER 1, 2020

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. c25e6559668942[.]xyz.

Malware

Malware DDOS Hacking Cybercrime

Coronavirus-themed attacks March 15 – March 21, 2020

Security Affairs

MARCH 22, 2020

In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 15 to March 21, 2020. March 21, 2020 – New Coronavirus-themed attack uses fake WHO chief emails. March 19, 2020 – Coronavirus news used by Emotet and Trickbot to evade detection. Pierluigi Paganini.

Advertising

Advertising Cybercrime Scams Phishing

Reading the FBI IC3’s ‘2020 Internet Crime Report’

Security Affairs

MARCH 18, 2021

The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report , which includes data from 791,790 complaints of suspected cybercrimes. Data that emerged from the report are worrisome, in 2020 the reported losses exceeded $4.2 ” reads 2020 Internet Crime Report.

Internet

Internet Internet Scams Identity Theft

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. ” Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime

Cybercrime Cryptocurrency Penetration Testing Malware

Coronavirus-themed attacks March 29 – April 04, 2020

Security Affairs

APRIL 5, 2020

In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 29 to April 04, 2020. March 30, 2020 – Your colleague was infected with COVID19, this is the latest phishing lure. The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the COVID19 outbreak.

Advertising

Advertising Phishing Malware Cybercrime

AbstractEmu, a new Android malware with rooting capabilities

Security Affairs

OCTOBER 28, 2021

AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu , with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e.

Malware

Malware Cybercrime Mobile Banking

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

DECEMBER 10, 2021

Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization.

Ransomware

Ransomware Malware Cybercrime Encryption

Coronavirus-themed attacks April 12 – April 18, 2020

Security Affairs

APRIL 19, 2020

This post includes the details of the Coronavirus-themed attacks launched from April 12 to April 18, 2020. Consumer reports received since January 2020 revealed that that approximately $12 million were lost due to Coronavirus-related scams, FTC says. Coronavirus-themed attacks April 05 – April 11, 2020. Pierluigi Paganini.

Scams

Scams Malware Phishing Surveillance

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X Upon installing the threat, the bot drops a file in /tmp/.pwned

Malware

Malware DDOS IoT Cybercrime

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware

Malware Identity Theft Banking Ransomware

Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

Security Affairs

JUNE 30, 2022

A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. to charges related to his involvement with the Russian cybercrime group NetWalker. In August 2020, the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S.

Cybercrime

Cybercrime Government Ransomware Cryptocurrency

Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million

Security Affairs

NOVEMBER 26, 2020

Carding Action 2020 targeted crooks selling/purchasing compromised card data on sites selling stolen cred itcard data and darkweb marketplaces. The three-month anti-cybercrime effort targeted traders of compromised card details and prevented approximately €40 million in losses. .

Cybercrime

Cybercrime eCommerce Banking Marketing

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. 22, 2020, the U.S. On Sunday, Feb.

Ransomware

Ransomware Healthcare Cybercrime Government

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders U.S.

Cybercrime

Cybercrime Ransomware Malware Data breaches

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Security Affairs

FEBRUARY 23, 2021

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Cybercrime

Cybercrime Software Ransomware Cyber Attacks

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020.

Ransomware

Ransomware VPN Cybercrime Advertising

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability

Accountability Malware Data breaches Passwords

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Singapore, 09/18/2020 — Group-IB , a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. Secure web- phishing.

Phishing

Phishing Ransomware Spyware Banking

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

The attacks were spotted by Iranian cybersecurity firm Amnpardaz, this is the first time ever that malware targets iLO firmware. The persistence achieved by tampering this module allows the malware to survive to the re-installation of the operating system. ” reads the report published by the expers. ” continues the report.

Firmware

Firmware Malware System Administration Technology

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. This trend comes from the “Man in The Browser” (MiTB) attacks and WEB-injects designed for traditional PC-based malware such as Zeus, Gozi and SpyEye.

Mobile

Mobile Malware Banking Retail

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. Pierluigi Paganini.

Banking

Banking Malware Manufacturing Business Services

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Affairs

JANUARY 9, 2023

The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020, at the time the experts spotted threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency.

Malware

Malware Authentication Cryptocurrency Internet

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. It will only serve to stifle global efforts to combat cybercrime.”

Cybercrime

Cybercrime Surveillance Spyware Government

GriftHorse malware infected more than 10 million Android phones from 70 countries

Security Affairs

SEPTEMBER 29, 2021

Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide. Security researchers from Zimperium have uncovered a piece of malware, dubbed GriftHorse, that has infected more than 10 million Android smartphones across more than 70 countries.

Malware

Malware Scams Mobile Phishing

Crooks use weaponized coronavirus map to deliver malware

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Malware

Malware Advertising Passwords Cryptocurrency

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Security Affairs

JUNE 25, 2023

Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix recently disclosed flaws in Apple devices VMware fixed five memory corruption issues in vCenter Server Fortinet fixes critical FortiNAC RCE, install updates asap More than a million GitHub repositories potentially vulnerable to RepoJacking New Mirai (..)

DDOS

DDOS Cybercrime Spyware Malware

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance

Surveillance Malware Spyware Education

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Gootkit AaaS malware is still active and uses updated tactics

Security Affairs

AUGUST 2, 2022

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. In the past, Gootkit distributed malware masquerading as freeware installers, now it uses legal documents to trick users into downloading these files. . ” reads the analysis published by Trend Micro. Pierluigi Paganini.

Malware

Malware Encryption Engineering Hacking

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Malware

Malware VPN Authentication Hacking

Crooks stole 800,000€ from ATMs in Italy with Black Box attack

Security Affairs

NOVEMBER 29, 2020

The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack. Here the list of victim Banks with date and impacted City: [link] pic.twitter.com/NkRr5IfUGn — Bank Security (@Bank_Security) November 27, 2020.

Banking

Banking Cybercrime Mobile Manufacturing

Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram

Security Affairs

JUNE 1, 2021

The popular Russian hacker Pavel Sitnikov was arrested by Russian authorities on charges of distributing malware via his Telegram channel. Pavel Sitnikov (@Flatl1ne), a prominent figure of the hacking underground, was arrested earlier this month by Russian authorities on charges of distributing malware via his Freedom F0x Telegram channel.

Malware

Malware Banking Hacking Cybercrime

European police dismantled the DoppelPaymer ransomware gang

Security Affairs

MARCH 6, 2023

German police announced to have dismantled an international cybercrime gang behind the DoppelPaymer ransomware operation. DoppelPaymer ransomware has been active since June 2019 , in November 2020 Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat.

Ransomware

Ransomware Cybercrime Malware Phishing

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Security Affairs

FEBRUARY 19, 2024

In October 2020, the US Justice Department charged a Ukrainian national, Mark Sokolovsky (28), with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The man was held in the Netherlands, and he was charged for his alleged role in the international cybercrime operation known as Raccoon Infostealer.

Identity Theft

Identity Theft Cryptocurrency Cybercrime Hacking

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

Security Affairs

MARCH 19, 2021

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company’s computers, has pleaded guilty.

Malware

Malware Surveillance Hacking Technology

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. ” concludes the report.

Encryption

Encryption Cybercrime Hacking Malware

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. cy do klikni?cia cia w link z rzekomo ciekawym filmem? In version 4.9,

Malware

Malware DNS Banking Hacking

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

Security experts from Microsoft have uncovered an ongoing p hishing campaign launched by the TA505 cybercrime gang (aka Evil Corp ) that is employing attachments featuring HTML redirectors for delivering malicious Excel docs. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.

Malware

Malware Security Intelligence Banking Phishing

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Webinars

Trending Sources

Incident response analyst report 2020

Webinars

ZingoStealer crimeware released for free in the cybercrime ecosystem

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

Coronavirus-themed attacks March 15 – March 21, 2020

Reading the FBI IC3’s ‘2020 Internet Crime Report’

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Coronavirus-themed attacks March 29 – April 04, 2020

AbstractEmu, a new Android malware with rooting capabilities

Info stealers and how to protect against them

15 billion credentials available in the cybercrime marketplaces

BlackCat ransomware, a very sophisticated malware written in Rust

Coronavirus-themed attacks April 12 – April 18, 2020

EnemyBot malware adds new exploits to target CMS servers and Android devices

A TrickBot malware developer sentenced to 64 months in prison

Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million

Conti Ransomware Group Diaries, Part I: Evasion

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

NetWalker ransomware operators have made $25 million since March 2020

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

TinyNuke banking malware targets French organizations

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

UN approves Russia-Cina sponsored resolution on new cybercrime convention

GriftHorse malware infected more than 10 million Android phones from 70 countries

Crooks use weaponized coronavirus map to deliver malware

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Iranian govt uses BouldSpy Android malware for internal surveillance operations

CISA’s advisory warns of notable increase in LokiBot malware

Gootkit AaaS malware is still active and uses updated tactics

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Crooks stole 800,000€ from ATMs in Italy with Black Box attack

Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram

European police dismantled the DoppelPaymer ransomware gang

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

TeamTNT is back and targets servers to run Bitcoin encryption solvers

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Stay Connected