2007, Hacking and Phishing - Cyber Security Informer

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

Emerging in 2007 as a banking trojan, QakBot (a.k.a. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders. ” The DOJ said it also recovered more than 6.5

Hacking

Hacking Malware Ransomware Government

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus

Antivirus Hacking Software Government

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Government Phishing Malware

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Russia)

Malware

Malware Phishing Surveillance Internet

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. SecurityAffairs – APT28, hacking). ” reads the report published by Trend Micro. Pierluigi Paganini.

Phishing

Phishing Accountability Advertising DNS

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. 7z file. .

Malware

Malware Phishing Passwords Hacking

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Education Phishing Malware

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. SecurityAffairs – hacking, Zebrocy).

Malware

Malware Phishing Government Data collection

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. The researchers pointed out that the warning is related to hacking attempts and that not all the attacks have been successful, also thanks to the defense implemented by Google. SecurityAffairs – hacking, spear-phishing).

Phishing

Phishing Government Hacking Accountability

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. . The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. SecurityAffairs – hacking, Earth Lusca ).

Cryptocurrency

Cryptocurrency Media Social Engineering Phishing

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

AUGUST 1, 2018

Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007. ” Reddit didn’t specify how the SMS code was stolen, although it did say the intruders did not hack Reddit employees’ phones directly. .

Authentication

Authentication Mobile Passwords Accountability

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. SecurityAffairs – hacking, cyber security). Pierluigi Paganini.

Phishing

Phishing Hacking Government Malware

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

MARCH 4, 2019

In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. I also pinged several customer support email addresses tied to the data-broker Web sites that were hacked. at the victim in this hacking case.

Marketing

Marketing Passwords Hacking Advertising

QBOT – A HTML Smuggling technique to target victims

Quick Heal Antivirus

NOVEMBER 11, 2022

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking

Banking Phishing Cybercrime Ransomware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. SecurityAffairs – hacking, North Korea). Both backdoors allow the operators to take full control over the infected systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Pierluigi Paganini.

Malware

Malware Advertising IoT Government

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. SecurityAffairs – hacking, Lazarus APT). ” concludes the researchers. Pierluigi Paganini.

Retail

Retail Advertising Malware Hacking

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the report.

Government

Government Accountability Phishing Hacking

Top 8 Cybersecurity Podcasts of 2021

eSecurity Planet

APRIL 23, 2021

Since 2017, host Jack Rhysider has investigated some of the most noteworthy stories related to the darkside of the internet, specifically hacking, data breaches, and cybercrime. Through interviews and research, Ran connects the dots between the early days of cybercrime and today’s stories of data hacks and breaches.

Cybersecurity

Cybersecurity InfoSec Cybercrime Hacking

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. SecurityAffairs – hacking, APT28).

Government

Government Media Malware Hacking

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. FireEye revealed that the two Russia-linked APT groups carried out spear-phishing attacks to trick victims into revealing government information and credentials.

Government

Government Advertising Media Phishing

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

FEBRUARY 9, 2021

The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. SecurityAffairs – hacking, WordPress). The plugin receives over 1.5

Social Engineering

Social Engineering Firewall Engineering Phishing

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

In recent attacks, the kill chain starts with spear-phishing emails that were specially crafted for one specific recipient per target organization, a circumstance that suggests a deep knowledge of the targets that results from a prior reconnaissance. . SecurityAffairs – hacking, BISMUTH). ” continues the report.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. Pierluigi Paganini.

Malware

Malware Cryptocurrency Password Management Encryption

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Earworm group carried out spear-phishing campaigns aimed at delivering the Trojan.Zekapab downloader and the Backdoor.Zekapab. Securi ty Affairs – APT28, hacking). Pierluigi Paganini.

Government

Government Advertising Hacking Malware

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

The Fancy Bear APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. ” The threat actors used phishing messages containing a malicious attachment that launches a long chain of downloaders , ending with a backdoor. SecurityAffairs – APT, hacking).

Advertising

Advertising Phishing Malware Hacking

How cybercrime is impacting SMBs in 2023

SecureList

JUNE 26, 2023

TOP 10 threats for SMBs, January-May 2022 ( download ) TOP 10 threats for SMBs, January-May 2023 ( download ) Cybercriminals attempt to deliver this and other malware and unwanted software to employees’ devices by using any means necessary, such as vulnerability exploitation, phishing e-mails and fake text messages.

Cybercrime

Cybercrime Phishing Banking Malware

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28) The group was involved also in the string of attacks that targeted 2016 Presidential election.

Accountability

Accountability Government Phishing Passwords

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) SecurityAffairs – hacking, Lazarus APT). BMP) image file.

Phishing

Phishing Hacking Cryptocurrency Malware

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Telecommunications Accountability Phishing

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

The US-CERT has released a joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “ FASTCash ,” being used by the prolific North Korean APT hacking group known as Hidden Cobra (aka Lazarus Group and Guardians of Peace).

Banking

Banking Retail Advertising Malware

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election.

System Administration

System Administration Government Phishing Malware

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. SecurityAffairs – hacking, Lazarus APT). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Malware

Malware Hacking Phishing Ransomware

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. In August, F-Secure Labs experts observed a spear-phishing campaign targeting an organization in the cryptocurrency industry.

Malware

Malware Software Cryptocurrency Financial Services

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. SecurityAffairs – hacking, Russia).

DDOS

DDOS Cyber threats Phishing Hacking

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

The attack chain leverage multiple vectors Telegram channels, SMS messages containing a link to the malware, phishing messages, and watering hole attacks involving Iranian websites. SecurityAffairs – hacking, Domestic Kitten). The group used the Tonnerre and Foudre (Thunder & Lightning) tools to spy on Windows-based PCs. .

Surveillance

Surveillance Mobile Malware Cyber Attacks

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive.

Media

Media Accountability Malware Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Malware

Malware Firmware Government Education

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Attackers carried out a spear-phishing attack using messages with an LNK attachment that would run a series of PowerShell scripts to extract a payload.

Malware

Malware Advertising Data collection Phishing

The Life and Death of Passwords: Improving Security With Passwords and People

Duo's Security Blog

MARCH 28, 2023

Most of the attackers that you’ve seen usually start nowadays with a phishing attack. Company - “Oh, easily with one bad hack, you could get $30,000,000 or $20,000,000.” I’ve fallen for a phish. We need to get past this point where we think, “Oh, no one should ever fall for a phish.” See the video at the blog post.

Passwords

Passwords Social Engineering Phishing Technology

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

Today, many reports are describing how infamous attackers are abusing such an emergency time to lure people by sending thematic email campaigns or by using thematic IM within Malware or Phishing links. It hijacks method on an old office 2007 component (Office Data Provider for – MSOSTYLE.exe). Stage 4 is decoded and run by Stage 3.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Cyber Attacks

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

Phishing [ T1566 ]. CVE-2007-1036. Like ShellShock, the exploit for this vulnerability is present in many automated hacking tools. Techniques seen. (in in order of frequency). Initial Access. Exploit Public-Facing Application. Drive-by Compromise [ T1189 ]. Valid Accounts [ T1178 ]. Native API [ T1106 ]. CVE-2018-10562.

Firewall

Firewall Authentication DNS Accountability

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 This threat has been closely observed by researchers from Proofpoint that discovered the RAT used since the beginning of 2016 in targeted phishing campaigns as well as massive, multi-million message campaigns.

Malware

Malware Antivirus Technology Phishing

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Trending Sources

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

APT28 targets key networks in Europe with HeadLace malware

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Long-existing Bandook RAT targets Windows machines

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Google warns of APT28 attack attempts against 14,000 Gmail users

Financially motivated Earth Lusca threat actors targets organizations worldwide

Reddit Breach Highlights Limits of SMS-Based Authentication

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Hackers Sell Access to Bait-and-Switch Empire

QBOT – A HTML Smuggling technique to target victims

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

North Korea-linked Lazarus APT targets the COVID-19 research

FBI and NSA joint report details APT28’s Linux malware Drovorub

North Korean Lazarus APT stole credit card data from US and EU stores

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Top 8 Cybersecurity Podcasts of 2021

Microsoft disrupted APT28 attacks on Ukraine through a court order

Russian APT groups target European governments ahead of May Elections

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

APT28 group return to covert intelligence gathering ops in Europe and South America.

A new Fancy Bear backdoor used to target political targets

How cybercrime is impacting SMBs in 2023

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Lazarus malware delivered to South Korean users via supply chain attacks

Mandiant identifies 3 hacktivist groups working in support of Russia

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

China-linked APT41 group spotted using open-source red teaming tool GC2

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

The Life and Death of Passwords: Improving Security With Passwords and People

Is APT27 Abusing COVID-19 To Attack People ?!

Threat Trends: Firewall

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Stay Connected