Cybercrime, Information Security, Malware and Manufacturing

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. SecurityAffairs – hacking, RedLine malware). This variant uses 207[.]32.217.89 as its C2 server through port 14588.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

FEBRUARY 24, 2021

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Security experts from FireEye linked the cyber attacks to the cybercrime group UNC2546, aka FIN11. Bombardier pointed out that manufacturing and customer support operations have not been impacted.

Manufacturing

Manufacturing Ransomware Cybercrime Hacking

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Security Affairs

OCTOBER 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The post BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider appeared first on Security Affairs. Asahi Group Holdings, Ltd.

Manufacturing

Manufacturing Ransomware Hacking Data breaches

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Security Affairs

MAY 8, 2022

The American agricultural machinery manufacturer AGCO announced that has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. To nominate, please visit:?

Manufacturing

Manufacturing Ransomware Hacking Risk

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

“We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.”

Government

Government Malware Telecommunications Cybercrime

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Most of the victims are in the manufacturing, engineering and construction, and retail sectors. Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to the gang behind the Qakbot malware. The average ransom payment was $1.2 61,9% of the victims are in the US, 15.8% in Germany, and 5.9%

Ransomware

Ransomware Hacking Healthcare Retail

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. .” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site.

Manufacturing

Manufacturing Ransomware Engineering Hacking

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke.

Banking

Banking Malware Manufacturing Business Services

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved. ” concludes the report.

Malware

Malware Banking Phishing Engineering

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. The malware uses TOR exit nodes as a backup C2 infrastructure.

Malware

Malware Backups Manufacturing Accountability

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware

Malware Antivirus Manufacturing Healthcare

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

“We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.”

Government

Government Malware Telecommunications Cybercrime

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 20, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Cybercrime Hacking Malware Phishing

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. SAP redirect vulnerability is a security issue that affects web application servers for SAP products (SAP NetWeaver Application Server Java).

Phishing

Phishing Manufacturing Firewall Cybercrime

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. carmaker with spear-phishing attacks. com”, which is a free online scanner.

Phishing

Phishing Cybercrime Manufacturing Hacking

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Security Affairs

JULY 2, 2023

Illicit Telegram Communities Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant Malware Trojanized Super Mario Game Installer Spreads SupremeBot Malware Initial research exposing JOKERSPY Who is 8BASE?

Cybercrime

Cybercrime Hacking Ransomware Malware

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

MARCH 11, 2024

The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufacturing, media and entertainment, and healthcare. GuidePoint Security analyzed the PowerShell script and noticed the use of the function ‘cookies’ with specific parameters.

Ransomware

Ransomware Malware Manufacturing Healthcare

Boeing confirmed its services division suffered a cyberattack

Security Affairs

NOVEMBER 2, 2023

The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. At this time the cybercrime gang has yet to publish the alleged stolen data. In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022).

Manufacturing

Manufacturing Ransomware Cybercrime Hacking

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Security Affairs

APRIL 10, 2020

Visser Precision is a parts maker for many companies in several industries, including aerospace, automotive, industrial and manufacturing. an antenna in an anti-mortar defense system), billing and payment forms, supplier information, data analysis reports, and legal paperwork. SecurityAffairs – DoppelPaymer ransomware, malware).

Manufacturing

Manufacturing Ransomware Advertising Cybercrime

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. The company did not reveal details about the attack or the malware family that infected its systems. ” reported a statement from the security company cited by CTWANT.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Malware

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. It is a subsidiary of the partially state-owned Chinese company Wingtech Technology.

Ransomware

Ransomware Manufacturing Hacking Insurance

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. The last stage malware is the PHP-based SYS01stealer malware which is able to steal browser cookies and abuse authenticated Facebook sessions to steal information from the victim’s Facebook account.

Government

Government Manufacturing Social Engineering Malware

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Manufacturing Small Business Surveillance

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

This is an important achievement in the fight against cybercrime. Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. Both FBI and Europol declined to comment on the events.

Ransomware

Ransomware Financial Services Cybercrime Manufacturing

Security Affairs newsletter Round 392

Security Affairs

NOVEMBER 6, 2022

Cisco addressed several high-severity flaws in its products LockBit ransomware gang claims the hack of Continental automotive group 250+ U.S. Cisco addressed several high-severity flaws in its products LockBit ransomware gang claims the hack of Continental automotive group 250+ U.S. Follow me on Twitter: @securityaffairs and Facebook.

Hacking

Hacking Ransomware Cybercrime Backups

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware uses TOR exit nodes as a backup C2 infrastructure. SecurityAffairs – hacking, malware). Initial access is typically through infected removable drives, often USB devices.

Manufacturing

Manufacturing Malware Backups Technology

VNC instances exposed to Internet pose critical infrastructures at risk

Security Affairs

AUGUST 15, 2022

Threat actors could use the access through VNC to carry out a broad range of malicious activities, such as deploying ransomware, malware, or spy on the victims. Cyble also reported that threat actors are selling access to systems exposed on the Internet via VNC on cybercrime forums. connected via VNC and exposed over the internet.

Internet

Internet Internet Risk Cybercrime

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

In October 2022, the malware was used in post-compromise activity attributed to another actor, DEV-0950 (which overlaps with FIN11 / TA505 cybercrime gang). In some cases, the attackers delivered the Truebot malware between the Raspberry Robin infection and the Cobalt Strike deployment.

Ransomware

Ransomware Malware Data collection Encryption

Lockbit ransomware gang claims to have stolen data from Boeing

Security Affairs

OCTOBER 27, 2023

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. In 2022, Boeing recorded $66.61

Ransomware

Ransomware Manufacturing InfoSec Hacking

Ransomware attacks break records in 2023: the number of victims rose by 128%

Security Affairs

JANUARY 19, 2024

This group primarily focused its attacks on the construction, manufacturing/industrial, and retail industries. The data shows a shift in ransomware targets over the past three years. Previously dominated by the construction industry, the IT sector now claims the top spot in 2023.

Ransomware

Ransomware Manufacturing Retail Insurance

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Human Security identified a supply chain of a Chinese manufacturer that was compromised to backdoor the firmware of several products delivered to resellers, physical retail stores and e-commerce warehouses. Products containing the malicious backdoor have been found on public school networks throughout the United States.

Firmware

Firmware Mobile Malware Retail

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. and Brazil.

Ransomware

Ransomware Encryption Backups Manufacturing

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The Duck Hunt operation involved law enforcement agencies from the U.S., and abroad.

Malware

Malware Manufacturing Data breaches Cyber threats

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices. .”

Scams

Scams DDOS Cryptocurrency Accountability

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.

Hacking

Hacking Manufacturing Cyber Attacks Ransomware

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

The journalists reported that threat actors gained access to three million electric toothbrushes and installed a malware that joined them to the botnet. The newspaper quoted an employee of cybersecurity firm Fortinet as a source of the information. The botnet was used to target a Swiss company, causing millions of dollars in damages.

DDOS

DDOS IoT Media Internet

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

” Most of the victims are in the manufacturing, engineering and construction, and retail sectors. Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to gang behind the Qakbot malware. The malware spreads via malspam campaigns, it inserts replies in active email threads.

Ransomware

Ransomware Retail Malware Insurance

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language. The main reason to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in more common languages.

Ransomware

Ransomware Encryption Malware Manufacturing

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware

Ransomware Cryptocurrency Cybercrime VPN

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Webinars

Trending Sources

New RedLine malware version distributed as fake Omicron stat counter

Webinars

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Raspberry Robin malware used in attacks against Telecom and Governments

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

TinyNuke banking malware targets French organizations

Xenomorph malware is back after months of hiatus and expands the list of targets

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Grandoreiro banking malware targets Mexico and Spain

TrickGate, a packer used by malware to evade detection since 2016

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Don’t trust links with known domains: BMW affected by redirect vulnerability

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Boeing confirmed its services division suffered a cyberattack

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

SYS01 stealer targets critical government infrastructure

Security Affairs newsletter Round 377

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs newsletter Round 392

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Microsoft: Raspberry Robin worm already infected hundreds of networks

VNC instances exposed to Internet pose critical infrastructures at risk

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Lockbit ransomware gang claims to have stolen data from Boeing

Ransomware attacks break records in 2023: the number of victims rose by 128%

Android devices shipped with backdoored firmware as part of the BADBOX network

8Base ransomware operators use a new variant of the Phobos ransomware

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Interview With a Crypto Scam Investment Spammer

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

Unraveling the truth behind the DDoS attack from electric toothbrushes

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

RansomExx Ransomware upgrades to Rust programming language

MSI confirms security breach after Money Message ransomware attack

French authorities arrested a Russian national for his role in the Hive ransomware operation

Stay Connected