Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet that had infected hundreds of thousands of systems.
The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits and installing malicious drivers, both for financial gain and to hijack web traffic to e-commerce sites.
Cybersecurity researchers have shed light on an Iranian cyber-espionage campaign directed against critical infrastructure in Kuwait and Saudi Arabia.
Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for attacking the telecommunications and travel industries in the Middle East to collect personal information that serves Iran's geopolitical interests.
“Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East,” the researchers said in a report (PDF), adding that at least one of the attacks had gone undiscovered for more than a year and a half, since 2018.
“The campaigns were based on several tools, including ‘living off the land’ tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor.”
ESET security researchers have discovered a new version of the ComRAT backdoor that is controlled through the Gmail web interface and used by the state-backed Russian hacker group Turla to harvest and steal data in attacks against governmental institutions.
Using Gmail for command and control fits right in with the other tactics of the Russian-speaking Turla group (also tracked as Waterbug, Snake, or VENOMOUS BEAR), which is known for unorthodox methods of achieving its cyber-espionage goals.
In the past, the group has developed backdoor trojans with their own APIs designed to reverse communication flows, used comments on Britney Spears' Instagram photos to control malware, sent PDF email attachments carrying commands to machines infected with its Outlook backdoor, and hijacked the infrastructure and malware of the Iranian-sponsored OilRig group for use in its own campaigns.
Phishing campaigns continue to use the COVID-19 pandemic as a lure to encourage potential victims to follow malicious links. Their goal is to steal the user's credentials (username/password), which lets the attackers gain access to accounts and networks belonging to individuals and/or businesses.
It appears that malicious actors have focused on trying to extract confidential information related to the COVID-19 virus, such as details of how various governments are responding to the pandemic or of research into a vaccine and treatments.
Note that phishing via SMS (also known as smishing) remains a threat, so be careful about how you treat anything you receive on your personal or work devices.
Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR) and threaten to leak similar files every week.
The hackers are doing this to back up their claim to have breached BCR in the past, a claim the bank has denied.
Valid numbers inside
In a post on their “leak” site this week, the Maze operators shared a 2GB spreadsheet of payment card numbers belonging to customers of Banco de Costa Rica.
The attackers say they released the data not to profit from it but to draw attention to the bank's lapses in protecting sensitive information.
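Dumps like the one described above are routinely padded with junk, so the first thing a responder wants to know is how many of the entries are even syntactically valid card numbers. The following is an added example (not code from the article, the bank or the Maze operators) that triages a constructed CSV with the Luhn check every payment card number must pass, and keeps only PCI-style truncated values (first six and last four digits) so the triage output never stores full PANs. The sample rows and column name are constructed; the card numbers are well-known public test numbers, not real customer data.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample standing in for a leaked spreadsheet. The PANs are
# published test numbers (Visa, Mastercard, Amex), not real card data.
SAMPLE_CSV = """card_number,expiry,holder
4111 1111 1111 1111,12/24,J DOE
4111111111111112,01/25,A SMITH
5500-0000-0000-0004,06/23,B LEE
notanumber,,C
378282246310005,09/26,D KIM
"""


def normalize(raw: str) -> str:
    """Strip the spaces and dashes people type into card numbers."""
    return re.sub(r"[\s-]", "", raw)


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check.

    Walking from the rightmost digit, every second digit is doubled and
    digit-summed (equivalently: minus 9 when the double exceeds 9); the
    number is valid when the total is a multiple of ten.
    """
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep the BIN (first 6) and last 4 digits, as PCI DSS truncation allows."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def triage(csv_text: str) -> dict:
    """Count Luhn-valid vs rejected rows and return masked valid PANs only."""
    stats = Counter()
    masked_valid = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        pan = normalize(row["card_number"])
        if luhn_valid(pan):
            stats["luhn_valid"] += 1
            masked_valid.append(mask(pan))
        else:
            stats["rejected"] += 1
    return {
        "luhn_valid": stats["luhn_valid"],
        "rejected": stats["rejected"],
        "masked": masked_valid,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_CSV)
    print(f"Luhn-valid: {result['luhn_valid']}, rejected: {result['rejected']}")
    for m in result["masked"]:
        print(m)
```

A Luhn pass only says a number is well-formed; it does not show the card is issued or still live, which is why the issuing bank's records, not a checksum, settle whether a leak is genuine. Masking at triage time matters because a responder's working copy of a leak is itself cardholder data under PCI DSS.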