Sunburst backdoor shares features with Russian APT malware

Posted by & filed under Security News.

Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group. Turla (aka VENOMOUS BEAR and Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 and is the main suspect behind attacks targeting the Pentagon and NASA, the U.S….

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage

Posted by & filed under Alerts.

It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used as “hackers for hire” by competing private companies to make away with confidential information. Bitdefender’s Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an…

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

Posted by & filed under Alerts.

The group has added a management console and a USB worming function to its main malware, Crimson RAT. The APT group Transparent Tribe is mounting an ongoing cyber-espionage campaign, researchers said, which is aimed at military and diplomatic targets around the world. The effort features a worm that can propagate from machine to machine while…

GoldenSpy backdoor installed by tax software gets remotely removed

Posted by & filed under Alerts.

As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware. GoldenSpy stayed hidden in software called Intelligent Tax, from Aisino Corporation, that a Chinese bank required its company customers to install for paying local taxes. Double…

HTTP Status Codes Command This Malware How to Control Hacked Systems

Posted by & filed under Alerts.

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with “medium-to-low level of confidence” based on the history of compromised victims—spread via an initial…