2007, Hacking and Malware - Cyber Security Informer

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking

Hacking Malware Ransomware Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Accountability

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus

Antivirus Hacking Software Government

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M). Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. billion to an unidentified address.

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,APT) . ” concludes the report.

Cyber Attacks

Cyber Attacks Hacking Government Malware

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Malware

Malware Phishing Surveillance Internet

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware

Malware Advertising IoT Government

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. SecurityAffairs – hacking, Crutch).

Malware

Malware Accountability Hacking Government

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. Kill (uninstall) the malware. .

Malware

Malware Social Engineering Advertising Government

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware Advertising InfoSec Hacking

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. SecurityAffairs – hacking, Zebrocy).

Malware

Malware Phishing Government Data collection

Russian APT Turla?s COMpfun malware uses HTTP status codes to receive commands

Security Affairs

MAY 15, 2020

Russia-linked cyberespionage group Turla targets diplomatic entities in Europe with a new piece of malware tracked as COMpfun. Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. SecurityAffairs – Turla, malware).

Malware

Malware Advertising Government Hacking

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

NOVEMBER 10, 2018

Security experts from Symantec have discovered a malware, tracked as FastCash Trojan , that was used by the Lazarus APT Group , in a string of attacks against ATMs. The ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa.

Banking

Banking Hacking Malware Advertising

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. SecurityAffairs – hacking, Gozi ). Paunescu was arrested in Romania in 2012, but was able to avoid extradition.

Banking

Banking Malware Hacking Information Security

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. According to Rezvesz himself, he is no stranger to the Canadian legal system.

Advertising

Advertising Malware Software Marketing

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. SecurityAffairs – hacking, Dridex). The post Sophos linked Entropy ransomware to Dridex malware.

Ransomware

Ransomware Malware Cybercrime Banking

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware

Malware Advertising Hacking Government

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Software Cryptocurrency Financial Services

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.

Government

Government Hacking Advertising Encryption

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. Pierluigi Paganini.

Malware

Malware Advertising Encryption Hacking

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking

Banking Malware Advertising Hacking

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Government Phishing Malware

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Upon extracting the malware from the archive, the malicious code injects its payload into msinfo32.exe. “A large number of commands for C2 communication can be found in this malware.

Malware

Malware Phishing Passwords Hacking

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. SecurityAffairs – hacking, Macaw Locker).

Ransomware

Ransomware Cybercrime Banking Encryption

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Security Affairs

MARCH 9, 2020

Multiple state-sponsored hacking groups are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers. A couple of weeks ago, the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). Pierluigi Paganini.

Authentication

Authentication Advertising Hacking Malware

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site of the group, that gang also published a set of documents as proof of the hack. SecurityAffairs – hacking, NRA).

Ransomware

Ransomware Banking Cybercrime Hacking

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researcher that was submitted to a public online malware scanning service. Pierluigi Paganini.

DNS

DNS Malware Advertising Software

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. SecurityAffairs – hacking, Turla). ” continues the report.

Malware

Malware Hacking Government Information Security

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. The activity of the Zinc APT group, aka Lazarus , surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Phishing Antivirus Hacking

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Malware

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. One representation of the leaked Mazafaka database.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. ” concludes ESET.

Malware

Malware Hacking Advertising Architecture

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Education Phishing Malware

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. exe for the execution of the malware loader. SecurityAffairs – hacking, APT41). Pierluigi Paganini.

Malware

Malware Encryption Manufacturing Hacking

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. SecurityAffairs – hacking, ransomware). The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Passwords

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

court on Thursday sentenced the Russian hacker Andrei Tyurin to 12 years in prison for his role in an international hacking campaign. The man was arrested in Georgia at the request of US authorities, he was charged with multiple conspiracy counts, including wire fraud, aggravated identity theft and four counts of computer hacking.

Hacking

Hacking Marketing Identity Theft Banking

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

Operators behind Dark Caracal are still alive and operational

Security Affairs

NOVEMBER 29, 2020

. “During this past year, dozens of digitally signed variants of this once commodity malware started to reappear in the threat landscape, reigniting interest in this old malware family.” Experts observed several samples of the malware that were digitally signed with valid certificates issued by Certum.

Energy and Utilities

Energy and Utilities Malware Government Healthcare

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

Researchers from the NCC Group’s report and later Symantec confirmed that malware was developed by the Russian cybercrime crew known as Evil Corp , which was behind the Dridex Trojan , and multiple ransomware like Locky , Bart, Jaff , and BitPaymer. This group has been active since at least 2007, in December 2019, the U.S.

Ransomware

Ransomware Telecommunications Banking Advertising

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. SecurityAffairs – hacking, Lazarus APT). Researchers provided details for each of the campaigns they have analyzed. Pierluigi Paganini.

Retail

Retail Advertising Malware Hacking

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Trending Sources

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

The Mask APT is back after 10 years of silence

APT28 targets key networks in Europe with HeadLace malware

FBI and NSA joint report details APT28’s Linux malware Drovorub

Russia-linked APT Turla used a new malware toolset named Crutch

Russia-Linked Turla APT uses new malware in watering hole attacks

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Russian APT Turla?s COMpfun malware uses HTTP status codes to receive commands

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Colombian authorities arrested hacker behind the Gozi Virus

Canadian Police Raid ‘Orcus RAT’ Author

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

US Cyber Command details implants used in attacks on parliaments and embassies

Lazarus malware delivered to South Korean users via supply chain attacks

Russia-linked Turla APT hacked European government organization

Dacls RAT, the first Lazarus malware that targets Linux devices

North Korea-linked APT group BeagleBoyz targets banks

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Long-existing Bandook RAT targets Windows machines

Evil Corp rebrands their ransomware, this time is the Macaw Locker

North Korea-linked Lazarus APT targets the COVID-19 research

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Grief ransomware gang hit US National Rifle Association (NRA)

China-linked Winnti APT targets South Korean Gaming firm

North Korea-linked Lazarus APT targets the IT supply chain

Connecting the dots between SolarWinds and Russia-linked Turla APT

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

From Cybercrime Saul Goodman to the Russian GRU

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

China-linked APT41 group targets Hong Kong with Spyder Loader

LockBit Ransomware operators hit Swiss helicopter maker Kopter

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Operators behind Dark Caracal are still alive and operational

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

North Korean Lazarus APT stole credit card data from US and EU stores

Stay Connected