Cybercrime, Malware and Manufacturing - Cyber Security Informer

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Attackers infiltrated the supply chain, embedding malware in pre-installed apps. Doctor Web warns that the attackers gained access to the supply chain of a number of Chinese manufacturers of Android-based smartphones. The experts found malware-laced applications pre-installed on the phone. ” continues the report.

Malware

Malware Manufacturing Mobile Spyware

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Antivirus

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware.

Cybercrime

Cybercrime Malware Manufacturing Phishing

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

FEBRUARY 24, 2021

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Security experts from FireEye linked the cyber attacks to the cybercrime group UNC2546, aka FIN11. Bombardier pointed out that manufacturing and customer support operations have not been impacted.

Manufacturing

Manufacturing Ransomware Cybercrime Hacking

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Security Affairs

JUNE 9, 2025

malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. “Most of the infected devices were manufactured in China. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 ” BADBOX 2.0

IoT

IoT Internet Internet Advertising

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. “By targeting supply chains in the manufacturing and distribution sectors, XE Group not only maximizes the impact of their operations but also demonstrates an acute understanding of systemic vulnerabilities.

Manufacturing

Manufacturing Cybercrime Authentication Hacking

New ATM Malware family emerged in the threat landscape

Security Affairs

MAY 27, 2024

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. “The malware is fully automated, simplifying its deployment and operation.”

Malware

Malware Banking Cybercrime Advertising

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. SecurityAffairs – hacking, RedLine malware). This variant uses 207[.]32.217.89 as its C2 server through port 14588.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai. in newer ones.

Manufacturing

Manufacturing Malware Firmware IoT

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

NOVEMBER 8, 2024

” Newpark Resources pointed out that its manufacturing and field operations remain largely unaffected, continuing with established downtime procedures despite the ransomware attack. The company did not share details about the attack either the family of malware that infected its systems.

Ransomware

Ransomware Manufacturing Hacking Malware

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Security Affairs

OCTOBER 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The post BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider appeared first on Security Affairs. Asahi Group Holdings, Ltd.

Manufacturing

Manufacturing Ransomware Hacking Data breaches

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 Unfortunately, often manufacturers sell older OS versions as newer ones. million Android devices in 197 countries.

Malware

Malware Firmware Antivirus Manufacturing

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab.

Ransomware

Ransomware Accountability Cybercrime Passwords

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 million bogus requests-per-second. “But equally, you never know they may peter out.

IoT

IoT DDOS Internet Internet

Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report

Malwarebytes

FEBRUARY 16, 2021

Today, we are showing readers just what that evolution looked like, in our State of Malware 2021 report. This report provides our most comprehensive analysis of last year’s malware trends, with breakdowns by malware category, malware type, operating system, region, industry, and more.

Malware

Malware Scams Spyware Healthcare

Honeywell Report OT Under Siege

SecureWorld News

JUNE 6, 2025

This year's report is a must-read for practitioners defending OT-heavy sectors like manufacturing, energy, logistics, and critical infrastructure. The growing sophistication of malware and attacker objectives means OT-focused organizations must rethink how they segment, detect, and respond to threats," the report states.

Media

Media Social Engineering Malware Engineering

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke.

Banking

Banking Malware Manufacturing Business Services

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. PPI programs) to generate new installations of their malware.” ru , and the website web-site[.]ru ru and alphadisplay[.]ru,

Passwords

Passwords Malware Internet Internet

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Security Affairs

MAY 8, 2022

The American agricultural machinery manufacturer AGCO announced that has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. To nominate, please visit:?

Manufacturing

Manufacturing Ransomware Hacking Risk

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Security Affairs

SEPTEMBER 20, 2024

The threat actor has been active since July 2022, it was observed targeting organizations in the education, healthcare, IT, and manufacturing sectors. Microsoft Defender for Endpoint detects multiple stages of Vanilla Tempest activity and known INC ransomware and other malware identified in this campaign. ” Microsoft wrote on X.

Healthcare

Healthcare Ransomware Cybercrime Manufacturing

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

FEBRUARY 20, 2024

LockBit operated as a ransomware-as-a-service group, wherein the ransomware gang takes care of everything from the bulletproof hosting and domains to the development and maintenance of the malware. The DOJ today unsealed indictments against two Russian men alleged to be active members of LockBit. Ivan Gennadievich Kondratyev , a.k.a.

Ransomware

Ransomware Cybercrime Encryption Insurance

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the gangs Tor leak site, at least 182 companies are victims of the operation. The victims of the group are targets of opportunity.

Government

Government Hacking Ransomware Manufacturing

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

In September 2024, Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 Unfortunately, manufacturers often sell older OS versions as newer ones. Researchers at the Chinese cybersecurity firm QiAnXin (QAX) recently discovered 89 new malware samples.

Antivirus

Antivirus Firmware Encryption Manufacturing

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. New cybercrime groups are also expected to start operations in Asia and Latin America. Security Affairs – Central Bank of Russia, cybercrime ). Pierluigi Paganini.

Cybercrime

Cybercrime Hacking Banking Phishing

Special-Purpose Vehicle Maker Aebi Schmidt Hit by Malware

Security Affairs

APRIL 25, 2019

The special-purpose vehicle maker Aebi Schmidt was hit by a malware attack that disrupted some of its operations. The Aebi Schmidt Group is a manufacturer of product systems and services for the management, cleaning and clearance of traffic areas as well as for the maintenance of green areas in demanding terrain. Pierluigi Paganini.

Malware

Malware Manufacturing Cyber Attacks Ransomware

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Security Affairs

FEBRUARY 12, 2025

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Data breaches

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

Penetration Testing

JUNE 9, 2025

ShadowPad, a privately sold modular malware platform, was used in a global campaign spanning June 2024 to March 2025, compromising victims in manufacturing, government, finance, telecom, and research. The cluster included a notable intrusion into a South Asian government IT provider.

Penetration Testing

Penetration Testing Advertising DNS Cybersecurity

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. The malware uses TOR exit nodes as a backup C2 infrastructure.

Malware

Malware Backups Manufacturing Accountability

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

“We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” ” Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. .” exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

SecureWorld News

APRIL 11, 2024

The Raspberry Robin malware, a heavily obfuscated Windows worm first identified in late 2021, has become one of the most prevalent threats facing enterprises today. Jason Soroko, Senior Vice President of Product at Sectigo, discussed the sophistication of this malware.

Malware

Malware IoT Ransomware Manufacturing

World Backup Day: Pledge to protect your digital life

Webroot

MARCH 12, 2025

But if your hard drive crashes, your laptop gets stolen, or you fall victim to cybercrime, the loss can be devastating. Many hard drives fail in less than three years , and its been found that the newer drives have shorter lifespans than those manufactured before 2015. Its a nightmare scenario that happens more often than you think.

Backups

Backups Encryption Antivirus Data preservation

A ransomware attack pushed the German napkin firm Fasana into insolvency

Security Affairs

JUNE 20, 2025

. “A cyberattack has potentially serious consequences for the approximately 240 employees of the Euskirchen-based company Fasana : The attack caused so much damage to the paper napkin manufacturer that it has now filed for insolvency.” This is malware that can lock computers and encrypt files.”

Ransomware

Ransomware Encryption Manufacturing Hacking

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. .” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site.

Manufacturing

Manufacturing Ransomware Engineering Hacking

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Security Affairs

MARCH 12, 2025

“The botnet exploits this vulnerability by injecting a payload that downloads and executes a cleartext shell dropper named dropbpb.sh, responsible for downloading the malware binaries and executing them on the compromised device.” 70) via HTTP on port 81. It processes encrypted data over a RAW socket, limiting further analysis.

IoT

IoT Malware Encryption DDOS

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack.

Technology

Technology Ransomware Manufacturing Engineering

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved. ” concludes the report.

Malware

Malware Banking Phishing Engineering

New PumaBot targets Linux IoT surveillance devices

Security Affairs

MAY 28, 2025

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. ” states the report.

Surveillance

Surveillance IoT Malware Manufacturing

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Security Affairs

APRIL 10, 2020

Visser Precision is a parts maker for many companies in several industries, including aerospace, automotive, industrial and manufacturing. Some documents provide details about the SpaceX’s manufacturing partner program. SecurityAffairs – DoppelPaymer ransomware, malware). Pierluigi Paganini.

Manufacturing

Manufacturing Ransomware Advertising Cybercrime

Top 10 Cybersecurity Trends to Expect in 2025

Hacker's King

DECEMBER 24, 2024

AI-powered malware and phishing schemes can adapt to defenses in real time, making them harder to detect and counter. Expect an increase in regulations requiring manufacturers to implement stronger security features in devices, alongside enhanced monitoring of IoT networks.

Cybersecurity

Cybersecurity Cyber Insurance IoT Insurance

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. ” reported the website Nation Thailand.

Ransomware

Ransomware Encryption Backups Malware

2025 Supply Chain Threat Landscape: AI, APIs, and the Weakest Link

SecureWorld News

JULY 10, 2025

Manufacturing and logistics firms, increasingly digitized and AI-driven, are acutely at risk: state-aligned hackers are "infiltrating the digital arteries of commerce" from ports to payment systems. The World Economic Forum warns that AI-powered cybercrime is among the top concerns shaping the 2025 threat landscape.

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Trending Sources

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

XE Group shifts from credit card skimming to exploiting zero-days

New ATM Malware family emerged in the threat landscape

New RedLine malware version distributed as fake Omicron stat counter

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Texas oilfield supplier Newpark Resources suffered a ransomware attack

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Who’s Behind the GandCrab Ransomware?

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report

Honeywell Report OT Under Siege

TinyNuke banking malware targets French organizations

The Link Between AWM Proxy & the Glupteba Botnet

US agricultural machinery manufacturer AGCO suffered a ransomware attack

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Rhysida Ransomware gang claims the hack of the Government of Peru

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Special-Purpose Vehicle Maker Aebi Schmidt Hit by Malware

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Raspberry Robin malware used in attacks against Telecom and Governments

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

World Backup Day: Pledge to protect your digital life

A ransomware attack pushed the German napkin firm Fasana into insolvency

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Grandoreiro banking malware targets Mexico and Spain

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Ransomware attack hit Indian multinational Tata Technologies

Xenomorph malware is back after months of hiatus and expands the list of targets

New PumaBot targets Linux IoT surveillance devices

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Top 10 Cybersecurity Trends to Expect in 2025

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

2025 Supply Chain Threat Landscape: AI, APIs, and the Weakest Link

Stay Connected