Author: Admin
November 25, 2024 | Ravi Lakshmanan | Malware / Windows Security
Cybersecurity researchers have discovered a new malicious campaign that uses a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and eventually gain control of the infected system. “This malware takes a more sinister path: it drops the legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to execute its destructive program,” Trellix security researcher Trishaan Kalra said in an analysis published last week. “The malware uses the deep access provided by the driver to stop security processes, disable security software, and seize control of the infected system.” The starting point…
November 23, 2024 | Ravi Lakshmanan | Artificial Intelligence / Cryptocurrency
A North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency in social engineering campaigns carried out over a six-month period. The findings come from Microsoft, which said several threat clusters linked to the country were creating fake LinkedIn profiles posing as both recruiters and job seekers in order to generate illicit profits for the sanctioned nation. Known to be active since at least 2020, Sapphire Sleet overlaps with hacking groups tracked as APT38 and BlueNoroff. In November 2023, the technology giant revealed that the threat actor created…
November 23, 2024 | Ravi Lakshmanan | Cloud Security / Threat Intelligence
Government agencies and non-governmental organizations in the United States have been targeted by a Chinese state-sponsored threat actor known as Storm-2077. The adversary, which is believed to have been active since at least January 2024, has also carried out cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services around the world, Microsoft said. The company added that the activity cluster overlaps with a threat group that Recorded Future’s Insikt Group tracks as TAG-100. The cybersecurity firm noted back in July that the attack chains are…
November 22, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
A China-linked nation-state group tracked as TAG-112 has compromised Tibetan media and university websites as part of a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on intelligence gathering. “The attackers embedded malicious JavaScript into these sites that falsified a TLS certificate error to force visitors to download a disguised security certificate,” Recorded Future’s Insikt Group said. “This malware, which is often used by threat actors for remote access and post-exploitation, highlights the continued focus of cyber espionage on Tibetan organizations.” The compromises were attributed to a state-sponsored…
November 22, 2024 | Ravi Lakshmanan | Cyber Attack / Malware
A threat actor known as Mysterious Elephant has been observed using an advanced version of a malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload disguised as a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 Team said in an analysis published today. Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani organizations. The group’s tactics and tools were found to share…
November 22, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
Threat actors with ties to Russia have been linked to a cyber espionage campaign targeting organizations in Central Asia, East Asia and Europe. Recorded Future’s Insikt Group, which tracks the activity cluster as TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which in turn overlaps with APT28. The hacking crew has been active since at least 2021. “Using custom malware tools HATVIBE and CHERRYSPY, TAG-110 primarily attacks government organizations, human rights groups, and educational institutions,” the cybersecurity firm said in a report…
Microsoft, Meta and the Department of Justice are disrupting global cybercrime and fraud networks
Meta Platforms, Microsoft and the US Department of Justice (DoJ) have announced independent actions to combat cybercrime and shut down services that enable scams, fraud and phishing attacks. To that end, Microsoft’s Digital Crimes Unit (DCU) said it seized 240 fraudulent websites linked to an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who advertised a phishing kit called ONNX. Nady’s criminal operation dates back to 2017. “Many cybercriminals and online threat actors have purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and compromise Microsoft customer accounts,” said Steven Masada…
November 22, 2024 | Ravi Lakshmanan | Artificial Intelligence / Malware
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models such as OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” in November 2023, attracting 1,748 and 1,826 downloads respectively. Both libraries are no longer available for download from PyPI. “The malicious packages were uploaded to the repository by the same author and essentially differed from each other only in name and description,” Kaspersky said in the…
November 21, 2024 | Ravi Lakshmanan | Cyber Espionage / Malware
A China-linked advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor called WolfsBane in cyber attacks likely targeting East and Southeast Asia. That’s according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023. WolfsBane has been assessed to be a Linux version of the threat actor’s Gelsevirine backdoor, a Windows malware that was first documented back in 2014. The company also discovered another previously undocumented implant called FireWood, which is linked to another malware…
More than 2,000 Palo Alto Networks devices have been compromised in an ongoing attack campaign
November 21, 2024 | Ravi Lakshmanan | Vulnerability / Cyber Attack
As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign exploiting recently disclosed security flaws that have been widely exploited in the wild. According to statistics shared by the Shadowserver Foundation, the majority of infections were reported in the US (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the United Kingdom (39), Peru (36) and South Africa (35). Earlier this week, Censys revealed that it had identified 13,324 publicly exposed next-generation firewall (NGFW) management interfaces, of which 34% are in…