SecureWorld News

JANUARY 26, 2021

Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations. Google's TAG team discovery: cyberattack motive.

Social Engineering 94

Social Engineering Engineering Accountability Malware 94

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Media 89

Media Social Engineering Engineering Accountability 89

Security Affairs

OCTOBER 14, 2021

The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year. ” wrote Ajax Bash, a Google security engineer from the TAG.

Phishing 82

Phishing Hacking Government VPN 82

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Malware 124

Malware Phishing Antivirus Hacking 124

SecureList

MARCH 24, 2022

In the phishing script’s code, cybercriminals also indicate the Telegram bot authentication token, e-mail address or other third-party online resources where stolen data will be sent using the phishing kit. Telegram bot token in a phishing kit’s code. Invisible HTML tags. Junk HTML tags. String slicing.

Phishing 106

Phishing Marketing Banking Technology 106

SecureList

JUNE 16, 2021

We were able to trace the implant back to at least 2015, where it also had variants intended to hijack the execution of the Telegram and Chrome applications as a persistence method. Telegram hijacking variant. One of the discovered MarkiRAT variants was used to intercept the execution of Telegram and launch the malware along with it.

Surveillance 133

Surveillance Malware Password Management Passwords 133

Security Affairs

MAY 7, 2020

The first information tag “ prog.params ” is immediately retrieved in the instruction “ HandlerParams.Start() ” seen in Figure 4. The malware tries to find the id of the mutex, declared inside the relative tag seen in code snippet 2, inside the “%TEMP%” folder. Figure 7: Check of a previous infection. Conclusion.

Malware 101

Malware Advertising Cybercrime Internet 101

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. ” This week, Google Threat Analysis Group (TAG) also warned of North Korea-linked hackers targeting security researchers through social media.

Malware 114

Malware Antivirus Hacking Accountability 114

Security Affairs

AUGUST 30, 2019

Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited number of hacked websites used in watering hole attacks against iPhone users. “Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites.

Spyware 88

Spyware Hacking Advertising Encryption 88

Security Affairs

OCTOBER 3, 2021

A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online Russia-linked Nobelium APT group uses custom backdoor to target Windows domains ERMAC, a new banking Trojan that borrows the code from Cerberus malware New BloodyStealer malware is targeting the gaming sector Expert found RCE flaw in Visual Studio Code Remote Development (..)

Banking 52

Banking Data breaches Malware VPN 52

Schneier on Security

JANUARY 23, 2019

Instead of using websites on the darknet, merchants are now operating invite-only channels on widely available mobile messaging systems like Telegram. Usually each unit of product is tagged with a piece of paper containing a unique secret word which is used to prove to the sales layer that a dead drop was found.

Cryptocurrency 210

Cryptocurrency Marketing Surveillance Risk 210

Security Affairs

JANUARY 18, 2024

Google TAG researchers warn that COLDRIVER is evolving tactics, techniques and procedures (TTPs), to improve its detection evasion capabilities. Recently, TAG has observed COLDRIVER delivering custom malware via phishing campaigns using PDFs as lure documents. ” reads TAG’s analysis. ” concludes the report.

Phishing 95

Phishing Malware Encryption Accountability 95

Security Affairs

JUNE 6, 2019

Although there was information about APT34 prior to 2019, a series of leaks on the website Telegram by an individual named “ Lab Dookhtegan ”, including Jason project, exposed many names and activities of the organization. The attacker used an old version of Microsoft.Exchange.WebService.dll tagged as 15.0.0.0

Computers and Electronics 81

Computers and Electronics Penetration Testing DNS Passwords 81

SecureList

JANUARY 30, 2023

Tags on an ad offering a job amid the crisis See translation how to earn money amid crisis make some cash during pandemic make money during coronavirus coronavirus updates pandemic jobs jobs amid crisis Some jobseekers lost all hope to find steady, legitimate employment and began to search on dark web forums, spawning a surge of resumes there.

Cybercrime 113

Cybercrime Marketing Encryption Risk 113

SecureList

DECEMBER 6, 2022

One of the main vectors for phishing and scaming are messengers such as WhatsApp and Telegram. Recently, many channels have appeared on Telegram promising prizes or get-rich cryptocurrency investment schemes. Comment in a Telegram chat promoting a currency exchange scheme. Messengers. Social networks. Marketplaces.

Scams 94

Scams Phishing Social Engineering Banking 94

Security Boulevard

JUNE 15, 2023

Mystic can also steal Telegram and Steam credentials. In addition, it collects Steam and Telegram credentials as well as data related to installed cryptocurrency wallets. Data stolen from the infected system is labeled with specific binary tags that identify the type of information when it is sent to the C2 server.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

Security Boulevard

MAY 2, 2023

using our tag "CryptoScam" (as of this writing we have 3600+ sites on the list -- hosting companies and registrars, please take action!) Dozens of webpages, Telegram channels, and Facebook pages were filled with ads claiming how easy it was to earn money. You can find a list of some of the sites we've identified so far on URLScan.io

Scams 52

Scams Artificial Intelligence Financial Services Marketing 52

Security Affairs

MAY 2, 2019

On April 19 2019 researchers at Chronicle, a security company owned by Google’s parent company, Alphabet, have examined the leaked tools , exfiltrated the past week on a Telegram channel, and confirmed that they are indeed the same ones used by the OilRig attackers. (Source: MISP Project ). Is actually what should be executed.

DNS 86

DNS Computers and Electronics Penetration Testing Government 86

SiteLock

APRIL 7, 2022

This will bring you to the first occurrence of that string and then you just look for the HTML form tag. In addition to logging this data to files, these scripts also send the data via email or even via Telegram messages. Then you can search (Ctrl-F or Cmd-F) for one of the input fields of the form, ‘User ID’, for example.

Phishing 52

Phishing Engineering System Administration Malware 52

SecureList

APRIL 27, 2021

We were able to trace the implant back to at least 2015, along with variants intended to hijack the execution of the Telegram and Chrome applications as a persistence method. On January 25, the Google Threat Analysis Group (TAG) announced that a North Korean-related threat actor had targeted security researchers.

Malware 139

Malware Spyware Government Social Engineering 139

SecureList

MAY 31, 2021

Our EDR ( Endpoint Detection and Response ) solution helps to identify attacks in the early stages by marking suspicious actions with special IoA (Indicators of Attack) tags and by creating corresponding alerts. We also detect and block the backdoors used in the exploitation of these vulnerabilities.

Malware 95

Malware Adware Encryption Architecture 95