What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2023-03-13 18:38:00 Hike in AI-Created YouTube Videos Loaded With Malware (lien direct) AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more. Malware ★★
globalsecuritymag.webp 2023-03-13 17:46:14 Long-term persistence of Chinese malware on SonicWall devices, the importance of continuous monitoring (lien direct) Long-term persistence of Chinese malware on SonicWall devices, the importance of continuous monitoring Mandiant, in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining a long-term presence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance. - Malwares Malware ★★
The_Hackers_News.webp 2023-03-13 17:17:00 Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (lien direct) Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," Threat Malware ★★
The_Hackers_News.webp 2023-03-13 11:45:00 KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (lien direct) The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate Threat Malware ★★★
AlienVault.webp 2023-03-13 10:00:00 Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  "Why are you here if you cannot decrypt our data?" This is how people sometimes react to the arrival of the external incident response team. In this article, I will try to answer this question, but at the same time, I am going to describe the stages of incident response, list the main mistakes that play into the hands of hackers, and give basic advice on how to respond. Let's start by defining what a security incident is. Although the concept is straightforward, various companies may interpret it differently. For instance, some companies may consider incidents to include situations such as a power supply failure or a hard drive malfunction, while others may only classify malicious actions as incidents. In theory, an incident is a moment when some kind of undesirable event occurs. In practice, the definition of an "undesirable event" is determined by each company's own interpretation and perspective. For one organization, the discovery of a phishing email is what requires investigation. Other companies may not see the point in worrying about such incidents. For instance, they may not be concerned about a phishing email being opened on an employee device in a remote location not connected to the main infrastructure since it poses no immediate threat. There are also interesting cases here. For example, online traders consider a drop in the speed of interaction with the online exchange by 1% to be a serious incident. In many industries, proper incident response steps and cybersecurity in general, cannot be overestimated. 
But if we are talking about serious incidents, then most often, these are events related to the penetration of an attacker into the corporate network. This annoys the vast majority of business leaders. Incident response stages While the interpretation of certain events as security incidents may vary depending on various factors such as context and threat model, the response steps are often the same. These response steps are primarily based on the old SANS standard, which is widely used by many security professionals. SANS identifies six stages of incident response: Preparation Identification Containment Eradication Recovery Lessons learned It is important to note that the external response team is not immediately involved in this process. Preparation Preparation involves properly aligning organizational and technical processes. These are universal measures that should be implemented effectively across all areas: Inventory networks Build subnets correctly Use correct security controls and tools Hire the right people All this is not directly related to the external response team and, at the same time, affects its work significantly. The response is based on preparatory steps. For example, it relies heavily on the log retention policy. Each attack has its own dwell time - the time from an attacker entering the network until their activity is detected. If the attack has an extended dwell time (three-four months) and the logs are kept for seven days, it will be much more difficult for the investigation team to fin Threat Spam Malware Guideline Vulnerability ★★★
Blog.webp 2023-03-13 00:49:37 CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky) (lien direct) AhnLab Security Emergency response Center (ASEC) has recently discovered a CHM malware which is assumed to have been created by the Kimsuky group. This malware type is the same as the one covered in the following ASEC blog posts and the analysis report on the malware distributed by the Kimsuky group, its goal being the exfiltration of user information. Analysis Report on Malware Distributed by the Kimsuky Group – Oct 20, 2022 APT Attack Being Distributed as Windows Help File (*.chm) –... Malware ★★★
HexaCorn.webp 2023-03-12 00:03:36 List of clean mutexes and mutants (lien direct) A few years ago I released a list of ‘bad’ mutexes/mutants. That list was generated from my malware sandbox reports. I thought that it may be good to revisit the […] Malware ★★★★
The_Hackers_News.webp 2023-03-11 19:02:00 BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (lien direct) The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is a loader that's responsible for Malware ChatGPT ★★
DarkReading.webp 2023-03-10 21:01:30 BlackLotus Secure Boot Bypass Malware Set to Ramp Up (lien direct) BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity. Malware Vulnerability ★★★
no_ico.webp 2023-03-10 20:34:34 Xenomorph Android Malware Steals Data From 400 Banks (lien direct) A new automatic transfer system (ATS) framework and the capacity to steal login information for 400 banks are two of the main capabilities added to the Xenomorph Android virus in this new iteration. ThreatFabric found the initial iteration in February 2022. The banking malware has amassed over 50,000 downloads on the Google Play store. Using […] Malware
The_Hackers_News.webp 2023-03-10 19:32:00 New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (lien direct) An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation Malware ★★★
The_Hackers_News.webp 2023-03-10 19:20:00 China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware (lien direct) A suspected China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week. The Malware ★★
InfoSecurityMag.webp 2023-03-10 17:30:00 Hadoken Security Group Upgrades Xenomorph Mobile Malware (lien direct) The trojan can now start specified applications, show push notifications, steal cookies and more Malware ★★★
bleepingcomputer.webp 2023-03-10 16:27:40 Microsoft OneNote to get enhanced security after recent malware abuse (lien direct) Microsoft is working on introducing improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files. [...] Malware ★★★
The_Hackers_News.webp 2023-03-10 15:33:00 Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant (lien direct) A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner. "This new version of the malware adds many new Threat Malware ★★
knowbe4.webp 2023-03-10 14:46:12 Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets (lien direct) Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets Malware ★★
bleepingcomputer.webp 2023-03-10 14:02:23 New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres (lien direct) A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services. [...] Malware ★★★
The_Hackers_News.webp 2023-03-10 13:13:00 North Korean UNC2970 Hackers Expands Operations with New Malware Families (lien direct) A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in Threat Malware ★★
no_ico.webp 2023-03-10 12:58:14 SoulSearcher Malware Released By Chinese Sharp Panda Group (lien direct) Sharp Panda’s new “SoulSearcher” malware framework is targeting high-profile government agencies in Vietnam, Thailand, and Indonesia. Chinese APTs used the virus to spy on vital Southeast Asian organizations. Check Point found a spear-phishing-based malware campaign that started in late 2022 and continues into 2023. The latest Sharp Panda operation sends spear-phishing emails with malicious DOCX […] Malware ★★
bleepingcomputer.webp 2023-03-10 12:48:07 Security researchers targeted with new malware via job offers on LinkedIn (lien direct) A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. [...] Malware Guideline ★★★
no_ico.webp 2023-03-10 10:54:50 Police Seize Netwire RAT Malware Framework, Detains Admin (lien direct) After seizing the website and bringing down the infrastructure used by criminals connected to the NetWire remote access malware, international law enforcement authorities have declared another triumph over cybercriminals (RAT). A guy who allegedly ran the worldwiredlabs website, which has long sold the NetWire malware, was detained by Croatian police on Tuesday. Swiss law enforcement […] Malware ★★★
bleepingcomputer.webp 2023-03-10 05:24:00 Xenomorph Android malware now steals data from 400 banks (lien direct) The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks. [...] Malware ★★★
Chercheur.webp 2023-03-10 01:33:57 Another Malware with Persistence (lien direct) Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. “The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”... Threat Malware ★★★
Blog.webp 2023-03-10 00:55:42 Netcat Attack Cases Targeting MS-SQL Servers (LOLBins) (lien direct) ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the Netcat malware targeting poorly managed MS-SQL servers. Netcat is a utility that allows users to send and receive data from specific destinations on a network connected by the TCP/UDP protocol. Due to its various features and ability to be used on both Linux and Windows, it is utilized by network managers and threat actors alike. 1. Netcat From a malware standpoint, a characteristic of Netcat is its... Threat Malware ★★★
ArsTechnica.webp 2023-03-09 23:20:13 Malware infecting widely used security appliance survives firmware updates (lien direct) Update-resistant malware is part of a pattern by highly motivated threat actors. Threat Malware ★★★
The_Hackers_News.webp 2023-03-09 20:24:00 Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (lien direct) Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems. This includes the Sliver post-exploitation framework, XMRig cryptocurrency Threat Malware ★★★
News.webp 2023-03-09 18:27:06 Refreshed from its holiday, Emotet has gone phishing (lien direct) Notorious botnet starts spamming again after a three-month pause Emotet is back. After another months-long lull since a spate of attacks in November 2022, the notorious malware operation that has already survived a law enforcement takedown and various periods of inactivity began sending out malicious emails on Tuesday morning.… Malware ★★
bleepingcomputer.webp 2023-03-09 18:24:20 Police seize Netwire RAT malware infrastructure, arrest admin (lien direct) An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. [...] Malware ★★★
SecurityWeek.webp 2023-03-09 17:59:30 Custom Chinese Malware Found on SonicWall Appliance (lien direct) Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality. Malware ★★
InfoSecurityMag.webp 2023-03-09 17:30:00 Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks (lien direct) Weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023 Malware ★★
InfoSecurityMag.webp 2023-03-09 17:00:00 8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server (lien direct) ScrubCrypt malware obfuscates and encrypts applications to evade antivirus detection Malware ★★
globalsecuritymag.webp 2023-03-09 16:23:20 Black Lotus Labs uncovers another new malware that targets compromised routers (lien direct) Black Lotus Labs uncovers another new malware that targets compromised routers HiatusRAT has been targeting business-grade routers to covertly spy on victims since July 2022 - Malware Update Malware ★★
bleepingcomputer.webp 2023-03-09 12:40:37 SonicWall devices infected by malware that survives firmware upgrades (lien direct) A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establish long-term persistence for cyber espionage campaigns. [...] Malware ★★
Checkpoint.webp 2023-03-09 11:00:28 February 2023's Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government (lien direct) Researchers report that Remcos Trojan was used by threat actors to target Ukrainian government entities through phishing attacks as part of wider cyberespionage operations. Meanwhile, Formbook and Emotet returned to the top three most prevalent malware families, and Education/Research remained the most targeted industry Our latest Global Threat Index for February 2023 saw Remcos Trojan… Threat Malware ★★★
no_ico.webp 2023-03-09 10:35:58 There's A RAT In mi Note, What Am I Gonna Do? (lien direct) Cybercriminals use Microsoft OneNote attachments in phishing emails to spread malware and password stealers. Phishing campaigns are one of the most typical ways criminals obtain private or sensitive information. According to Verizon Data Breach Investigations Report, 94% of the malware is delivered by email. Malicious Word and Excel attachments for phishing have been prevalent for […] Data Breach Malware ★★★
News.webp 2023-03-09 02:26:12 Suspected Chinese cyber spies target unpatched SonicWall devices (lien direct) They've been lurking in networks since at least 2021 Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.… Malware ★★★
Blog.webp 2023-03-09 00:00:00 PlugX Malware Being Distributed via Vulnerability Exploitation (lien direct) The ASEC (AhnLab Security Emergency response Center) has recently discovered the installation of the PlugX malware through the Chinese remote control programs Sunlogin and Awesun’s remote code execution vulnerability. Sunlogin’s remote code execution vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is still being used for attacks even now ever since its exploit code was disclosed. The team previously made a post about how Sliver C2, XMRig CoinMiner, and Gh0st RAT were being distributed through the Sunlogin RCE vulnerability. Additionally, since Gh0st RAT was... Malware Vulnerability ★★★
Blog.webp 2023-03-08 23:30:00 CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (lien direct) The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as... Threat Malware Cloud APT 37 ★★
DarkReading.webp 2023-03-08 20:14:00 40% of Global ICS Systems Attacked With Malware in 2022 (lien direct) Led by growth in Russia, more than 40% of global ICS systems faced malicious activity in the second half of 2022. Malware ★★
DarkReading.webp 2023-03-08 16:50:40 AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (lien direct) Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation. Malware ChatGPT ChatGPT ★★
SecurityWeek.webp 2023-03-08 13:47:29 'Sys01 Stealer' Malware Targeting Government Employees (lien direct) The Sys01 Stealer has been observed targeting the Facebook accounts of critical government infrastructure employees. Malware ★★
Mandiant.webp 2023-03-08 13:00:00 Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices (lien direct) Mandiant, working in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining long term persistence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. Mandiant currently tracks this actor as UNC4540. Malware Analysis of a compromised device revealed a collection of files that give the attacker a highly privileged and available access to the Malware ★★★
GoogleSec.webp 2023-03-08 11:59:13 Thank you and goodbye to the Chrome Cleanup Tool (lien direct) Posted by Jasika Bawa, Chrome Security Team Starting in Chrome 111 we will begin to turn down the Chrome Cleanup Tool, an application distributed to Chrome users on Windows to help find and remove unwanted software (UwS). Origin story The Chrome Cleanup Tool was introduced in 2015 to help users recover from unexpected settings changes, and to detect and remove unwanted software. To date, it has performed more than 80 million cleanups, helping to pave the way for a cleaner, safer web. A changing landscape In recent years, several factors have led us to reevaluate the need for this application to keep Chrome users on Windows safe. First, the user perspective – Chrome user complaints about UwS have continued to fall over the years, averaging out to around 3% of total complaints in the past year. Commensurate with this, we have observed a steady decline in UwS findings on users' machines. For example, last month just 0.06% of Chrome Cleanup Tool scans run by users detected known UwS. Next, several positive changes in the platform ecosystem have contributed to a more proactive safety stance than a reactive one. For example, Google Safe Browsing as well as antivirus software both block file-based UwS more effectively now, which was originally the goal of the Chrome Cleanup Tool. Where file-based UwS migrated over to extensions, our substantial investments in the Chrome Web Store review process have helped catch malicious extensions that violate the Chrome Web Store's policies. Finally, we've observed changing trends in the malware space with techniques such as Cookie Theft on the rise – as such, we've doubled down on defenses against such malware via a variety of improvements including hardened authentication workflows and advanced heuristics for blocking phishing and social engineering emails, malware landing pages, and downloads. 
What to expect Starting in Chrome 111, users will no longer be able to request a Chrome Cleanup Tool scan through Safety Check or leverage the "Reset settings and cleanup" option offered in chrome://settings on Windows. Chrome will also remove the component that periodically scans Windows machines and prompts users for cleanup should it find anything suspicious. Even without the Chrome Cleanup Tool, users are automatically protected by Safe Browsing in Chrome. Users also have the option to turn on Enhanced protection by navigating to chrome://settings/security – this mode substantially increases protection from dangerous websites and downloads by sharing real-time data with Safe Browsing. While we'll miss the Chrome Cleanup Tool, we wanted to take this opportunity to acknowledge its role in combating UwS for the past 8 years. We'll continue to monitor user feedback and trends in the malware ecosystem, and when adversaries adapt their techniques again – which they will – we'll be at the ready. As always, please feel free to send us feedback or find us on Twitter @googlechrome. Malware Tool ★★★
Chercheur.webp 2023-03-08 11:11:14 BlackLotus Malware Hijacks Windows Secure Boot Process (lien direct) Researchers have discovered malware that “can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC's device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an ... Malware ★★
globalsecuritymag.webp 2023-03-08 10:49:55 Global Consumer Survey Reveals British Consumers' Have High Expectations of Mobile App Security (lien direct) Global Consumer Survey Reveals British Consumers' Have High Expectations of Mobile App Security The majority of British consumers said protecting them against security, fraud and malware threats is “just as important as (equal to) new features in an app.” - Special Reports Malware ★★
Fortinet.webp 2023-03-08 07:41:00 Old Cyber Gang Uses New Crypter – ScrubCrypt (lien direct) FortiGuard Labs elaborates on the details of ScrubCrypt malware that obfuscates and encrypts applications and makes them able to dodge to security programs. Read more. Malware ★★
Blog.webp 2023-03-08 02:35:18 ASEC Weekly Malware Statistics (February 27th, 2023 – March 5th, 2023) (lien direct) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 27th, 2023 (Monday) to March 5th, 2023 (Sunday). For the main category, backdoor ranked top with 51.4%, followed by Infostealer with 31.2%, downloader with 16.5%, and ransomware with 0.9%. Top 1 – RedLine RedLine ranked first place with 41.0%. The malware steals various information such as web browsers, FTP clients, cryptocurrency... Ransomware Malware ★★
News.webp 2023-03-08 00:01:13 These DrayTek routers are under actual attack – and there's no patch (lien direct) Workaround: Throw away kit? If you're still running post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit.… Malware ★★
DarkReading.webp 2023-03-07 20:40:24 Hiatus Campaign Infects DrayTek Gear for Cyber Espionage, Proxy Control (lien direct) Two novel malware binaries, including "HiatusRAT," offer unique capabilities that point to the need for better security for companies' router infrastructure. Malware ★★
bleepingcomputer.webp 2023-03-07 17:49:02 New malware variant has “radio silence” mode to evade detection (lien direct) The Sharp Panda cyber-espionage hacking group was observed targeting high-profile government entities in Vietnam, Thailand, and Indonesia, using a new version of the 'Soul' malware framework. [...] Malware ★★
Last update at: 2024-08-08 03:19:42