Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking 121

Banking Malware Hacking Information Security 121

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. The post Sophos linked Entropy ransomware to Dridex malware. appeared first on Security Affairs.

Ransomware 112

Ransomware Malware Cybercrime Banking 112

Security Affairs

NOVEMBER 16, 2020

According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South Korean companies. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by ESET.

Malware 109

Malware Software Cryptocurrency Financial Services 109

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com ‘ was involved in past campaigns of the Lazarus APT. Pierluigi Paganini.

Malware 106

Malware Advertising Encryption Hacking 106

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware 140

Malware Advertising Hacking Government 140

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Upon extracting the malware from the archive, the malicious code injects its payload into msinfo32.exe. “A large number of commands for C2 communication can be found in this malware.

Malware 133

Malware Phishing Passwords Hacking 133

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware 144

Malware Phishing Antivirus Hacking 144

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency 143

Cryptocurrency Malware Hacking Phishing 143

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking 143

Banking Malware Advertising Hacking 143

Security Affairs

OCTOBER 21, 2021

The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware 142

Ransomware Cybercrime Banking Encryption 142

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. exe for the execution of the malware loader. ” reads the analysis published by Symantec.

Malware 130

Malware Encryption Manufacturing Hacking 130

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. ” continues the report.

Malware 136

Malware Hacking Government Information Security 136

Security Affairs

NOVEMBER 29, 2020

. “During this past year, dozens of digitally signed variants of this once commodity malware started to reappear in the threat landscape, reigniting interest in this old malware family.” Experts observed several samples of the malware that were digitally signed with valid certificates issued by Certum.

Energy and Utilities 137

Energy and Utilities Malware Government Healthcare 137

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government 142

Government Education Phishing Malware 142

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware 126

Malware System Administration Hacking Media 126

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity 122

Cybersecurity Engineering Software Malware 122

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware 130

Malware Cryptocurrency Password Management Encryption 130

Security Affairs

SEPTEMBER 2, 2019

and Israel get Stuxnet onto the highly secured Natanz plant? For years, experts speculated the involvement of a spy that infiltrated the Iranian plant and installed the malware. That mole physically spread the malware inside the plant using a USB flash drive. The unanswered question is, how did the U.S.

Malware 110

Malware Engineering Advertising Hacking 110

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files.

Ransomware 134

Ransomware VPN Encryption Passwords 134

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. ” concludes ESET.

Malware 134

Malware Hacking Advertising Architecture 134

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware 127

Malware Advertising Encryption Hacking 127

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing 145

Phishing Accountability Advertising DNS 145

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Not all visitors to the site were infected. . ” concludes Microsoft.

Malware 137

Malware Antivirus Hacking Accountability 137

Security Affairs

JANUARY 15, 2021

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Investigating the attack, the experts discover a number of new malware samples used by the attackers, including various droppers, loaders, and injectors.

Malware 107

Malware Technology Software Information Security 107

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The skip-2.0 by its authors and part of the Winnti Group’s arsenal.”

Malware 71

Malware Passwords Advertising DNS 71

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Evil Corp has recently launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

Ransomware 139

Ransomware Banking Cybercrime Hacking 139

Security Affairs

OCTOBER 24, 2020

Researchers from the NCC Group’s report and later Symantec confirmed that malware was developed by the Russian cybercrime crew known as Evil Corp , which was behind the Dridex Trojan , and multiple ransomware like Locky , Bart, Jaff , and BitPaymer. This group has been active since at least 2007, in December 2019, the U.S.

Ransomware 123

Ransomware Telecommunications Banking Advertising 123

Security Affairs

JUNE 30, 2024

According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems of the Company. The Winnti group was first spotted by Kaspersky in 2013, according to the researchers, the nation-state actor has been active since at least 2007.

Accountability 140

Accountability Hacking Architecture Malware 140

Security Affairs

NOVEMBER 3, 2020

In some cases, the man manually chacked the stolen information. “As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. ” reads the press release published by the DoJ.

Accountability 121

Accountability Banking Advertising Data collection 121

Security Affairs

FEBRUARY 8, 2021

The researchers documented a malware, tracked as ‘FurBall,’ that was employed since the beginning of the operation. The attack chain leverage multiple vectors Telegram channels, SMS messages containing a link to the malware, phishing messages, and watering hole attacks involving Iranian websites. ” concludes the report.

Surveillance 114

Surveillance Mobile Malware Cyber Attacks 114

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” concludes Microsoft.

Government 136

Government Media Malware Hacking 136

Security Affairs

OCTOBER 21, 2022

A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif ‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data.

Banking 98

Banking Malware Hacking Ransomware 98

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. .” Once the investigation will be completed, CDHE will notify impacted by mail or email. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education 98

Education Data breaches Ransomware Hacking 98

Security Affairs

MAY 26, 2020

Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ , which is a malware that was employed in past campaigns attributed to the Turla APT group. “Version four of ComRAT is a totally revamped malware family released in 2017,” ESET concludes.

Advertising 136

Advertising Malware Encryption Authentication 136

Security Affairs

DECEMBER 1, 2020

. “While this actor’s operational goals remained the same—establish continuous monitoring and espionage, exfiltrating useful information as is it surfaced—their deployment of coin miners in their recent campaigns provided another way for the attackers to monetize compromised networks.” ” continues the report.

Cryptocurrency 136

Cryptocurrency Antivirus Manufacturing Government 136

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The threat actors were observed deploying Cobalt Strike in the infected networks, along with a set of additional malware and web shells.

Cryptocurrency 136

Cryptocurrency Media Social Engineering Phishing 136

Security Affairs

JANUARY 11, 2021

then they marketed the stocks in a deceptive and misleading manner to customers of the targeted companies whose information were previously stolen by TYURIN. From 2007 to 2015 TYURIN also conducted cyberattacks against multiple foreign companies. “In addition to the U.S.

Hacking 124

Hacking Marketing Identity Theft Banking 124