SecureList

OCTOBER 15, 2024

The malware uses different strings to load libraries and functions required for execution. q=0" Icon File Name : %systemroot%System32moricons.dll Machine ID : desktop-84bs21b Downloader module The RTF exploits and LNK files execute the same JavaScript malware. In particular, Avast and AVG solutions are of interest to the malware.

Malware 144

Malware Encryption Architecture Phishing 144

Schneier on Security

JULY 3, 2020

Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. That, and maybe KPN was working with the authorities, Encrochat's statement suggested (KPN declined to comment).

Hacking 279

Hacking Telecommunications Encryption Firewall 279

Security Affairs

MAY 26, 2025

Targeted organizations span critical sectors including healthcare, telecommunications, aviation, municipal government, finance, and defense across Europe, North America, and the Asia-Pacific region.” Chinese cyber spies deployed the KrustyLoader malware on Ivanti EPMM systems, using Amazon S3 buckets to deliver their malicious files.

Mobile 96

Mobile Telecommunications Authentication Internet 96

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning. TCP, RDP, TLS, Ping, Web).

Malware 124

Malware Telecommunications Encryption Hacking 124

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. government entities in Belgium, and telecommunications companies in Thailand and Brazil. “Analysis of the script download URL’s telemetry reveals a concentrated pattern of infections. .

Malware 138

Malware Telecommunications Encryption DDOS 138

CyberSecurity Insiders

SEPTEMBER 21, 2022

Coming to the third news related to malware, Vmware and Microsoft have jointly issued a warning against Chromeloader Malware that has evolved into a major threat in recent times. Hackers are seen using this malware to exploit browsers leading to advertising and affiliate frauds. Last is the news about the Russian-Ukraine war.

Malware 121

Malware Telecommunications Insurance Ransomware 121

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 131

Malware Encryption Telecommunications Authentication 131

Security Affairs

MARCH 24, 2025

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The encrypted China Chopper variant, frequently used by the attackers, employed AES encryption to evade detection by Web Application Firewalls (WAFs).

Telecommunications 70

Telecommunications Encryption Accountability Firewall 70

Approachable Cyber Threats

MARCH 9, 2023

Category Awareness, News, Case Study As one of the world’s fastest-growing industries, telecommunication has become a highly vulnerable target for cybersecurity threats. In short, telecommunications (telecom) is a fundamental and critical component of our global infrastructure. What can be done? Read more of the ACT

Telecommunications 52

Telecommunications IoT Firewall Encryption 52

SecureList

DECEMBER 18, 2024

Our latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. 35:4444 Impact To cause damage to victims, the group encrypts their infrastructure. activity we see it in usernames, ransom notes, encrypted file extensions and group-related merchandise.

Encryption 93

Encryption Passwords Accountability Ransomware 93

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The group is very sophisticated and used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, and education, aerospace.

Malware 135

Malware Telecommunications Advertising Encryption 135

Security Affairs

NOVEMBER 28, 2022

While the malware written in.NET is new, its deployment is similar to previous attacks attributed to #Sandworm. In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. The key is then RSA encrypted and written to aes.bin.

Ransomware 141

Ransomware Encryption Telecommunications Malware 141

SecureList

DECEMBER 22, 2022

Around the same time, we identified ransomware and wiper malware samples resembling those used in the first wave, though with a few interesting modifications that likely allowed evasion of security controls and better attack speeds. Below, we compare and discuss the differences between the wave 1 and wave 2 ransomware and wiper malware.

Ransomware 133

Ransomware Telecommunications Malware Encryption 133

Security Affairs

NOVEMBER 16, 2022

The backdoor unpacking process is composed of several stages, the second-stage malicious code is stored inside the malware PE file. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample. ” continues the analysis.

Telecommunications 143

Telecommunications Manufacturing Malware Education 143

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. “Once NOBELIUM obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools.

Malware 112

Malware Telecommunications Encryption Government 112

Security Affairs

MARCH 4, 2024

LightBasin targeted and compromised mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications 145

Telecommunications Firewall Mobile Malware 145

SecureList

NOVEMBER 15, 2022

Dtrack hides itself inside an executable that looks like a legitimate program, and there are several stages of decryption before the malware payload starts. DTrack unpacks the malware in several stages. The second stage is stored inside the malware PE file. The encryption method used by the second layer differs for each sample.

Malware 145

Malware Telecommunications Encryption Manufacturing 145

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications 97

Telecommunications DNS Malware Advertising 97

Security Affairs

SEPTEMBER 20, 2024

Targets include organizations in the government and telecommunications sectors across the Middle East. The experts observed the use of the malware BABYWIPER in Israel in 2022 and the malware ROADSWEEP in Albania in 2022. The group is known for maintaining long-term access to victim networks. ” Mandiant said.

Malware 130

Malware Telecommunications Antivirus Encryption 130

The Last Watchdog

FEBRUARY 27, 2023

And since malware and vulnerabilities constantly change, threat models must continually evolve too. The best all-around metric for SASE/ZT testing is QoE, as it reflects multiple underlying factors, including performance, error detection, encryption variability, overall transaction latency, and (for ZT) concurrent authentication rate.

Risk 208

Risk Architecture Firewall Telecommunications 208

Krebs on Security

DECEMBER 29, 2022

This bold about-face dumbfounded many longtime Norton users because antivirus firms had spent years broadly classifying all cryptomining programs as malware. Among the Twilio customers targeted was encrypted messaging service Signal , which relied on Twilio to provide phone number verification services. ” SEPTEMBER.

Cryptocurrency 313

Cryptocurrency Cybercrime Computers and Electronics Scams 313

Security Affairs

JANUARY 14, 2022

The gang was targeting organizations via spam campaigns to spread ransomware, however, the police did not disclose the malware family used by the group in its attacks. The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization.

Ransomware 140

Ransomware DDOS Telecommunications Malware 140

SecureList

OCTOBER 23, 2024

We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. After that, we reverse engineered how the data was encoded: it turned out to be a JSON encrypted with AES256 and encoded with Base64.

Engineering 145

Engineering Social Engineering Accountability Cryptocurrency 145

Security Affairs

OCTOBER 24, 2020

The ransomware encrypted files and renamed their filenames by adding the “ easy2lock” extension, this extension was previously associated with recent WastedLocker ransomware infections. Most of the victims belong to the manufacturing industry, followed by IT and media and telecommunications sectors.

Ransomware 128

Ransomware Telecommunications Banking Advertising 128

Security Affairs

OCTOBER 7, 2024

Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. Telecommunications provider Comcast is one of the FBCS customers impacted by the incident. Starting on April 4, 2024, the agency began notifying impacted customers.

Data breaches 135

Data breaches Telecommunications Ransomware Accountability 135

CyberSecurity Insiders

MAY 31, 2022

However, he failed to provide a statement on whether the company paid any ransom to free up the data from encryption. . Kirk Saville, the spokesperson for Hannes Brand, confirmed the news and said that the situation was brought under control within no time.

Ransomware 112

Ransomware Telecommunications Encryption Cyber Attacks 112

Security Affairs

AUGUST 21, 2019

The group hit entities in several industries, including the gaming, healthcare, high-tech, higher education, telecommunications, and travel services industries. Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Malware 109

Malware Telecommunications Advertising Healthcare 109

SecureList

OCTOBER 7, 2022

Using LOLBINS, common legitimate pentesting tools, and fileless malware; misleading security researchers by placing false flags—these and other anti-forensic tricks often make threat attribution a matter of luck. The malware spreads through spear-phishing emails with a malicious Microsoft Office document as attachment.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

Malwarebytes

SEPTEMBER 25, 2023

The announcement says Sony's data is for sale: Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan We have successfully compromissed [sic] all of sony systems. Stop malicious encryption.

Ransomware 145

Ransomware Computers and Electronics Backups Telecommunications 145

SecureList

MARCH 30, 2021

Most of the discovered malware families are fileless malware and they have not been seen before. One particular piece of malware from this campaign is called Ecipekac (a.k.a Encrypted Ecipekac Layer II loader (shellcode). Encrypted Ecipekac Layer IV loader (shellcode). size of encrypted data. pcasvc.dll.

Malware 145

Malware Encryption VPN Telecommunications 145

Digital Shadows

MARCH 17, 2025

VPN Infrastructures Allure for Threat Actors PNs have become a fundamental part of network security for organizations worldwide, enabling secure remote access to systems, encrypting sensitive data during transmission, and protecting internal networks from unauthorized access. 3 Whats Behind its Enduring Popularity? 1 hxxps://www.first[.]org/epss/

VPN 133

VPN Authentication Ransomware Risk 133

Security Affairs

OCTOBER 19, 2021

Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. “The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021.

Telecommunications 90

Telecommunications Malware Government Encryption 90

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. Leaving the mystery of the delivery method aside for now, let’s look at the capabilities of the malware itself.

Malware 138

Malware Encryption Social Engineering Telecommunications 138

Malwarebytes

OCTOBER 27, 2023

” Since then the group has expanded its range of activities to include targeting organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV/BlackCat ransomware group. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. Detect intrusions.

Social Engineering 124

Social Engineering Engineering Ransomware Backups 124

Hacker Combat

JANUARY 30, 2022

Zimperium research team discovered Dark Herring Malware; the team’s report stated that over A hundred million Android users downloaded and installed the applications from the google play store and other app stores. Dark Herring Malware used four hundred and seventy applications to target users in different countries.

Consumer Protection 124

Consumer Protection Telecommunications Malware Scams 124

SecureList

SEPTEMBER 30, 2021

This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers. We identified multiple attack vectors that triggered an infection chain leading to the execution of malware in memory.

Malware 145

Malware Engineering Encryption Telecommunications 145

SecureWorld News

JANUARY 27, 2023

The United States Department of Justice (DOJ) recently announced that it has successfully taken down the HIVE ransomware network, an international cybercrime ring that had been responsible for stealing and encrypting the data of more than 1,500 companies from 80 different countries.

Ransomware 98

Ransomware Cybercrime Cryptocurrency Telecommunications 98