What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-01-22 06:47:43 Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine (lien direct) Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, Malware NotPetya NotPetya
The_Hackers_News.webp 2022-01-22 02:57:39 Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure (lien direct) An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information Malware Threat
Kaspersky.webp 2022-01-21 14:10:07 Spyware Blitzes Compromise, Cannibalize ICS Networks (lien direct) The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud. Malware
bleepingcomputer.webp 2022-01-21 12:54:28 Phishing impersonates shipping giant Maersk to push STRRAT malware (lien direct) A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victims' devices. [...] Malware ★★★★★
2022-01-21 12:19:42 Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation (lien direct) Authored by Nick Biasini and Chris Neal with Contributions from Dmytro Korzhevin. Several cyber attacks against Ukrainian government websites - including website defacements and destructive wiper malware - have made headlines over the past few weeks as military tensions along the Russian/Ukrainian... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
bleepingcomputer.webp 2022-01-21 10:56:21 Microsoft disables Excel 4.0 macros by default to block malware (lien direct) Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents. [...] Malware
The_Hackers_News.webp 2022-01-21 03:40:40 Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (lien direct) A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the Malware Threat Guideline APT 41 APT 41
bleepingcomputer.webp 2022-01-20 13:37:25 FBI links Diavol ransomware to the TrickBot cybercrime group (lien direct) The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. [...] Ransomware Malware
SANS.webp 2022-01-20 09:04:24 RedLine Stealer Delivered Through FTP, (Thu, Jan 20th) (lien direct) Here is a piece of malicious Python script that injects a RedLine[1] stealer into its own process. Process injection is a common attacker's technique these days (for a long time already). The difference, in this case, is that the payload is delivered through FTP! It's pretty unusual because FTP is today less and less used for multiple reasons (lack of encryption by default, complex to filter with those passive/active modes). Support for FTP has even been disabled by default in Chrome starting with version 95! But FTP remains a common protocol in the IoT/Linux landscape with malware families like Mirai. My honeypots still collect a lot of Mirai samples on FTP servers. I don't understand why the attacker chose this protocol because, in most corporate environments, FTP is not allowed by default (and should definitely not be!). Malware
bleepingcomputer.webp 2022-01-20 07:55:29 New MoonBounce UEFI malware used by APT41 in targeted attacks (lien direct) Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found so far in the wild, to the Chinese-speaking APT41 hacker group (also known as Winnti). [...] Malware Guideline APT 41
Fortinet.webp 2022-01-20 00:00:00 New STRRAT RAT Phishing Campaign (lien direct) FortiGuard Labs discovered a phishing email used to deliver a variant of the STRRAT malware as an attachment. This blog deconstructs the phishing email and its malicious payload. Malware
The_Hackers_News.webp 2022-01-19 23:54:23 DoNot Hacking Team Targeting Government and Military Entities in South Asia (lien direct) A threat actor with potential links to an Indian cybersecurity company has been nothing if not remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020, deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a Malware Threat
Anomali.webp 2022-01-19 22:45:00 Anomali Cyber Watch: Russia-Sponsored Cyber Threats, China-Based Earth Lusca Active in Cyberespionage and Cybertheft, BlueNoroff Hunts Cryptocurrency-Related Businesses, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, HTTP Stack, Malspam, North Korea, Phishing, Russia and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques (published: January 17, 2022) The Earth Lusca threat group is part of the Winnti cluster. It is one of several Chinese groups that share aspects of their tactics, techniques, and procedures (TTPs), including the use of Winnti malware. Earth Lusca was active throughout 2021, committing both cyberespionage operations against government-connected organizations and financially motivated intrusions targeting gambling and cryptocurrency-related sectors. For initial intrusion, the group uses several methods, including spearphishing, watering hole attacks, and exploiting publicly facing servers. Cobalt Strike is one of the group's preferred post-exploitation tools, followed by the BioPass RAT, the Doraemon backdoor, the FunnySwitch backdoor, ShadowPad, and Winnti. The group employs two separate infrastructure clusters: the first is rented Vultr VPS servers used for command-and-control (C2); the second is compromised web servers used to scan for vulnerabilities, tunnel traffic, and host Cobalt Strike C2.
Analyst Comment: Earth Lusca often relies on tried-and-true techniques that can be stopped by security best practices, such as not clicking on suspicious email/website links or reacting to random banners urging you to update important public-facing applications. Don't be tricked into downloading an Adobe Flash update; Flash was discontinued at the end of December 2020. Administrators should keep their important public-facing applications (such as Microsoft Exchange and Oracle GlassFish Server) updated. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] System Services - T1569 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] BITS Jobs - T1197 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hijack Execution Flow Ransomware Malware Tool Vulnerability Threat Patching Guideline APT 41 APT 38 APT 29 APT 28 APT 28
The_Hackers_News.webp 2022-01-19 21:26:42 New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (lien direct) A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the Malware
Kaspersky.webp 2022-01-19 20:55:28 Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say (lien direct) Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia's wider effort to undermine Ukraine's sovereignty, according to analysts. Ransomware Malware
SecurityWeek.webp 2022-01-19 20:05:49 Microsoft Edge Adds Security Mode to Thwart Malware Attacks (lien direct) A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks. Malware
SecurityWeek.webp 2022-01-19 18:44:07 Thousands of Industrial Firms Targeted in Attacks Leveraging Short-Lived Malware (lien direct) Thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials that are then sold by threat actors for a profit, according to Kaspersky. Malware Threat
CrowdStrike.webp 2022-01-19 17:37:01 Technical Analysis of the WhisperGate Malicious Bootloader (lien direct) On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately […] Malware
SecurityWeek.webp 2022-01-19 14:27:42 BlackBerry Researchers Dive Into Prometheus TDS Operations (lien direct) BlackBerry's security researchers have closely analyzed the Prometheus TDS (Traffic Direction System) and discovered a correlation with a leaked Cobalt Strike SSL key pair, as well as with various malware families. Malware
bleepingcomputer.webp 2022-01-19 10:15:45 New BHUNT malware targets your crypto wallets and passwords (lien direct) A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. [...] Malware
The_Hackers_News.webp 2022-01-19 06:39:32 Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (lien direct) Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of Malware Tool
SecurityAffairs.webp 2022-01-19 06:05:49 Is White Rabbit ransomware linked to FIN8 financially motivated group? (lien direct) A new ransomware gang named White Rabbit has appeared in the threat landscape; experts believe it is linked to the FIN8 hacking group. A new ransomware gang called 'White Rabbit' launched its operations and, according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, […] Ransomware Malware Threat
The_Hackers_News.webp 2022-01-18 23:32:41 DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms (lien direct) An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader Malware ★★★★★
The_Hackers_News.webp 2022-01-18 22:56:23 Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (lien direct) The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the Malware
SecurityAffairs.webp 2022-01-18 21:58:59 AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler (lien direct) Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by the AlphV/BlackCat. Moncler confirmed a data breach after an attack that took place in December. The luxury fashion giant was hit by AlphV/BlackCat ransomware that today published the stolen data on its leak site in the Tor network. In December, malware […] Ransomware Data Breach Malware
Kaspersky.webp 2022-01-18 15:44:21 Critical ManageEngine Desktop Server Bug Opens Orgs to Malware (lien direct) Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. Malware Guideline
01net.webp 2022-01-18 08:59:00 SysJoker, a mysterious backdoor that targets Windows, macOS and Linux alike (lien direct) Researchers have found a fairly sophisticated piece of malware that is probably used for cyberespionage. But on the whole, it is still a mystery. Malware
bleepingcomputer.webp 2022-01-18 06:55:34 Europol shuts down VPN service used by ransomware groups (lien direct) Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. [...] Ransomware Malware
Fortinet.webp 2022-01-17 20:32:11 Wiper malware hit Ukrainian organizations (lien direct) FortiGuard Labs is aware of a report that multiple organizations in Ukraine were impacted by destructive malware. The malware looks like some kind of ransomware at first glance; however, it does not have the telltale signs of ransomware. It overwrites the victim's Master Boot Record (MBR) and files with specific file extensions without any recovery mechanism, which is enough to classify it as a destructive wiper.

Why is this Significant?
This is significant because the attack involves a wiper malware that destroys the victim's MBR and certain files without any recovery mechanism.

How Widespread is the Attack?
At this point, the attack only affected multiple unnamed organizations in Ukraine.

What are the Details of the Attack?
The initial attack vector has not yet been identified. This attack involves three malware components. The first overwrites the victim's Master Boot Record (MBR), which makes the Windows OS unbootable, and leaves a ransom note that reads:

Your hard drive has been corrupted.
In case you want to recover all hard drives
of your organization,
You should pay us $10k via bitcoin wallet
1AVNM68gj6PGPFcJuftKATa4WLnzg8fpfv and send message via
tox ID 8BEDC411012A33BA34F49130D0F186993C6A32DAD8976F6A5D82C1ED23054C057ECED5496F65
with your organization name.
We will contact you to give further instructions.

The second malware simply downloads a wiper hosted on a Discord channel and executes it. The wiper searches for and overwrites files with the following file extensions on the victim's machine:

.3DM .3DS .7Z .ACCDB .AI .ARC .ASC .ASM .ASP .ASPX .BACKUP .BAK .BAT .BMP .BRD .BZ .BZ2 .CGM .CLASS .CMD .CONFIG .CPP .CRT .CS .CSR .CSV .DB .DBF .DCH .DER .DIF .DIP .DJVU .SH .DOC .DOCB .DOCM .DOCX .DOT .DOTM .DOTX .DWG .EDB .EML .FRM .GIF .GO .GZ .HDD .HTM .HTML .HWP .IBD .INC .INI .ISO .JAR .JAVA .JPEG .JPG .JS .JSP .KDBX .KEY .LAY .LAY6 .LDF .LOG .MAX .MDB .MDF .MML .MSG .MYD .MYI .NEF .NVRAM .ODB .ODG .ODP .ODS .ODT .OGG .ONETOC2 .OST .OTG .OTP .OTS .OTT .P12 .PAQ .PAS .PDF .PEM .PFX .PHP .PHP3 .PHP4 .PHP5 .PHP6 .PHP7 .PHPS .PHTML .PL .PNG .POT .POTM .POTX .PPAM .PPK .PPS .PPSM .PPSX .PPT .PPTM .PPTX .PS1 .PSD .PST .PY .RAR .RAW .RB .RTF .SAV .SCH .SHTML .SLDM .SLDX .SLK .SLN .SNT .SQ3 .SQL .SQLITE3 .SQLITEDB .STC .STD .STI .STW .SUO .SVG .SXC .SXD .SXI .SXM .SXW .TAR .TBK .TGZ .TIF .TIFF .TXT .UOP .UOT .VB .VBS .VCD .VDI .VHD .VMDK .VMEM .VMSD .VMSN .VMSS .VMTM .VMTX .VMX .VMXF .VSD .VSDX .VSWP .WAR .WB2 .WK1 .WKS .XHTML .XLC .XLM .XLS .XLSB .XLSM .XLSX .XLT .XLTM .XLTX .XLW .YML .ZIP

It also changes the file extension of each affected file to a random four-byte extension.

What is the Status of Coverage?
FortiGuard Labs provides the following AV coverage against the malware involved:
W32/KillMBR.NGI!tr
MSIL/Agent.FP!tr.dldr
The following AV coverage is available for the wiper malware that has not yet been confirmed:
MSIL/Agent.VVH!tr
FortiGuard Labs is currently investigating the last file to confirm the destructive capability of the wiper malware. This blog will be updated when additional information becomes available. Ransomware Malware
SecurityAffairs.webp 2022-01-17 10:13:30 Experts warn of attacks using a new Linux variant of SFile ransomware (lien direct) The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020 and had previously been observed targeting only Windows systems. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. […] Ransomware Malware
InfoSecurityMag.webp 2022-01-17 09:20:00 Microsoft Warns of Destructive Malware Campaign Targeting Ukraine (lien direct) NotPetya-like attacks are disguised as ransomware Malware NotPetya
grahamcluley.webp 2022-01-16 21:48:05 A bad day in the office for the REvil ransomware gang, as Russia arrests 14 members (lien direct) While data-wiping malware is hitting the PCs of multiple Ukrainian organisations, Russia has taken the surprising step of arresting 14 members of the REvil ransomware gang. Ransomware Malware
SecurityWeek.webp 2022-01-16 21:06:57 Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks (lien direct) Newly detected WhisperGate malware being used by previously unknown threat group in cyberattacks against Ukraine Malware Threat
grahamcluley.webp 2022-01-16 21:06:47 Data-wiping malware hitting Ukrainian computers displays fake ransom demand (lien direct) Someone is targeting Windows computers in Ukraine with malware, and for some reason they want it to look like ransomware. Malware
SecurityAffairs.webp 2022-01-16 15:31:09 Microsoft spotted a destructive malware campaign targeting Ukraine (lien direct) Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware. The attackers were discovered by Microsoft on January 13; the experts attributed the attack to an emerging threat cluster tracked […] Malware Threat
bleepingcomputer.webp 2022-01-16 13:32:35 Microsoft: Fake ransomware targets Ukraine in data-wiping attacks (lien direct) Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. [...] Ransomware Malware
The_Hackers_News.webp 2022-01-16 01:28:50 A New Destructive Malware Targeting Ukrainian Government and Business Entities (lien direct) Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Ransomware Malware
bleepingcomputer.webp 2022-01-15 10:12:24 Linux malware sees 35% growth during 2021 (lien direct) The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks. [...] Malware
Mandiant.webp 2022-01-14 20:30:00 Proactive Preparation and Hardening to Protect Against Destructive Attacks | Blog (lien direct) In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against our customers and community. Russia regularly uses its cyber capability to carry out intelligence collection and information operations, but we are particularly concerned that as tensions escalate, they may target organizations within and outside of Ukraine with disruptive and destructive cyber attacks. Threat actors leverage destructive malware to destroy data, eliminate evidence of malicious activity, or manipulate systems in a way that renders them inoperable Malware ★★★
Pirate.webp 2022-01-14 13:36:57 Ongoing malware campaign exploiting public cloud infrastructure (lien direct) An ongoing malware campaign was recently documented by Cisco's Talos group. According to its experts, it exploits public cloud infrastructure such as Amazon's AWS and Microsoft's Azure cloud services. Judging by this attack, cybercriminals are now opting for a fully dynamic attack infrastructure in order to evade detection of the initial distribution and access. The post "Ongoing malware campaign exploiting public cloud infrastructure" first appeared on UnderNews. Malware Cloud
Chercheur.webp 2022-01-14 12:13:47 Using EM Waves to Detect Malware (lien direct) I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract: The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors. We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device. Using our approach, a malware analyst is able to obtain precise knowledge about malware type and identity, even in the presence of obfuscation techniques which may prevent static or symbolic binary analysis. We recorded 100,000 measurement traces from an IoT device infected by various in-the-wild malware samples and realistic benign activity. Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors. In our experiments, we were able to predict three generic malware types (and one benign class) with an accuracy of 99.82%. Even more, our results show that we are able to classify altered malware samples with unseen obfuscation techniques during the training phase, and to determine what kind of obfuscations were applied to the binary, which makes our approach particularly useful for malware analysts... Malware
ZDNet.webp 2022-01-14 11:49:40 SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks (lien direct) Malware is used to find and empty cryptocurrency wallets at victim organizations. Malware
SecurityAffairs.webp 2022-01-14 08:22:48 Threat actors can bypass malware detection due to Microsoft Defender weakness (lien direct) A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information they can use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware to avoid AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from […] Malware Threat
Kaspersky.webp 2022-01-13 17:35:34 US Military Ties Prolific MuddyWater Cyberespionage APT to Iran (lien direct) US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. Malware
SecurityAffairs.webp 2022-01-13 15:44:36 Threat actors abuse public cloud services to spread multiple RATs (lien direct) Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT. Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire, and AsyncRAT used to steal sensitive information from compromised systems. The malware campaign was spotted by Cisco Talos in October 2021, most […] Malware Threat
Kaspersky.webp 2022-01-13 15:04:01 New GootLoader Campaign Targets Accounting, Law Firms (lien direct) Once prolific spreaders of REvil ransomware, the GootLoader malware gang has pivoted to actively targeting employees of law and accounting firms with malicious downloads. The Threat Response Unit from eSentire issued an alert that, over the past three weeks, it had observed GootLoader attacks on three law firms and one accounting firm. WordPress vulnerabilities let the […] Malware Threat
bleepingcomputer.webp 2022-01-13 13:08:36 Microsoft Defender weakness lets hackers bypass malware detection (lien direct) Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. [...] Malware Threat
CrowdStrike.webp 2022-01-13 12:04:18 Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent (lien direct) Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020. Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) […] Malware
ZDNet.webp 2022-01-13 11:49:44 UK jails man for spying on kids, adults with Remote Access Trojans (lien direct) Malware was used to take explicit photos and videos. Malware
2022-01-13 11:00:00 Threat Source Newsletter (Jan. 13, 2022) (lien direct) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Move out of the way, Log4j! Traditional malware is back with a bang in 2022. While Log4j is likely still occupying many defenders' minds, the bad guys are still out there doing not-Log4j things. We have new research out... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
Last update at: 2024-07-18 13:08:15