Security Affairs

MARCH 13, 2020

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. Kill (uninstall) the malware. .

Malware 145

Malware Social Engineering Advertising Government 145

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware 144

Malware Advertising InfoSec Hacking 144

Malwarebytes

MARCH 5, 2022

The Formbook malware is an information stealer that is in use by many threat actors. The embedded object downloaded a remote template that exploits CVE-2017-11882 to download and execute the FormBook malware. The post Beware of malware offering “Warm greetings from Saudi Aramco” appeared first on Malwarebytes Labs.

Malware 136

Malware Manufacturing Marketing 136

Krebs on Security

MAY 14, 2024

Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot ) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

Social Engineering 275

Social Engineering Backups Malware Software 275

Heimadal Security

JUNE 3, 2022

Also known as the Dridex gang or INDRIK SPIDER, the Russian cybercriminal gang Evil Corp has been active since at least 2007 and is known for distributing the Dridex malware. The post LockBit Malware Is Now Used by Evil Corp appeared first on Heimdal Security Blog. What Happened?

Malware 98

Malware Cybercrime Cybersecurity 98

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The post Russia-linked APT Turla used a new malware toolset named Crutch appeared first on Security Affairs. ” Pierluigi Paganini. SecurityAffairs – hacking, Crutch).

Malware 145

Malware Accountability Hacking Government 145

CyberSecurity Insiders

NOVEMBER 29, 2021

IKEA, the furniture giant from Sweden, has disclosed that its servers were hit by a Qakbot malware that could have compromised its staff and partner accounts to a certain extent. QuakBot aka QuackBot malware is actually a malicious software that has the potential to steal banking credentials and is existing since the year 2007.

Malware 105

Malware Retail Banking Ransomware 105

Security Affairs

MAY 15, 2020

Russia-linked cyberespionage group Turla targets diplomatic entities in Europe with a new piece of malware tracked as COMpfun. Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. SecurityAffairs – Turla, malware).

Malware 140

Malware Advertising Government Hacking 140

Security Affairs

FEBRUARY 22, 2025

This threat actor was involved in cyber espionage campaigns and sabotage activities to destroy data and disrupt systems.

Cryptocurrency 129

Cryptocurrency Hacking Banking Cybersecurity 129

The Hacker News

DECEMBER 16, 2024

The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. Their targets

Malware 109

Malware 109

The Hacker News

JANUARY 13, 2022

Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new

Banking 136

Banking Encryption Malware Cybersecurity 136

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware 121

Malware Phishing Government Data collection 121

The Hacker News

OCTOBER 18, 2022

Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly

Cyber threats 117

Cyber threats Malware Government 117

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. biz, circa 2007. Image: Wikipedia.

Antivirus 333

Antivirus VPN Encryption Malware 333

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. At the time, North Korea-linked Lazarus APT group leveraged for the first time on a MacOS variant of the Fallchill malware.

Cryptocurrency 111

Cryptocurrency Malware Advertising Antivirus 111

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking 120

Banking Malware Hacking Information Security 120

Heimadal Security

JUNE 7, 2022

QBot is a banking virus active since 2007 that steals user data and banking credentials. The malware contains novel distribution methods, C2 tactics, and anti-analysis characteristics. QBot (QuakBot) is a Windows malware that steals bank credentials, and Windows domain credentials, and delivers further […].

Ransomware 111

Ransomware Banking Malware Cybersecurity 111

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. The post Sophos linked Entropy ransomware to Dridex malware. ” reads a report published by Sophos. .

Ransomware 112

Ransomware Malware Cybercrime Banking 112

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware 108

Malware Software Cryptocurrency Financial Services 108

Security Boulevard

JUNE 21, 2022

Qakbot malware (also known as: QakBot, Quakbot, Pinkslipbot) is a prevalent information-stealing malware that was discovered in 2007. The post Qakbot appeared first on Cyborg Security. The post Qakbot appeared first on Security Boulevard.

Malware 98

Malware 98

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com ‘ was involved in past campaigns of the Lazarus APT. Pierluigi Paganini.

Malware 106

Malware Advertising Encryption Hacking 106

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware 139

Malware Advertising Hacking Government 139

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Upon extracting the malware from the archive, the malicious code injects its payload into msinfo32.exe. “A large number of commands for C2 communication can be found in this malware.

Malware 132

Malware Phishing Passwords Hacking 132

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency 142

Cryptocurrency Malware Hacking Phishing 142

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researcher that was submitted to a public online malware scanning service.

DNS 144

DNS Malware Advertising Software 144

Quick Heal Antivirus

NOVEMBER 11, 2022

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking 111

Banking Phishing Cybercrime Ransomware 111

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking 143

Banking Malware Advertising Hacking 143

Security Affairs

OCTOBER 21, 2021

The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware 141

Ransomware Cybercrime Banking Encryption 141

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. exe for the execution of the malware loader. ” reads the analysis published by Symantec.

Malware 129

Malware Encryption Manufacturing Hacking 129

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. ” continues the report.

Malware 135

Malware Hacking Government Information Security 135

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. The activity of the Zinc APT group, aka Lazarus , surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware 143

Malware Phishing Antivirus Hacking 143

Security Affairs

MARCH 9, 2020

A couple of weeks ago, the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Authentication 145

Authentication Advertising Hacking Malware 145

Security Affairs

NOVEMBER 29, 2020

. “During this past year, dozens of digitally signed variants of this once commodity malware started to reappear in the threat landscape, reigniting interest in this old malware family.” Experts observed several samples of the malware that were digitally signed with valid certificates issued by Certum.

Energy and Utilities 136

Energy and Utilities Malware Government Healthcare 136

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government 142

Government Education Phishing Malware 142

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware 125

Malware System Administration Hacking Media 125

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity 121

Cybersecurity Engineering Software Malware 121

Security Affairs

SEPTEMBER 2, 2019

For years, experts speculated the involvement of a spy that infiltrated the Iranian plant and installed the malware. That mole physically spread the malware inside the plant using a USB flash drive. By May 2007, Iran had 1,700 centrifuges installed at Natanz, while the Dutch mole was inside Natanz in the summer of the same year.

Malware 110

Malware Engineering Advertising Hacking 110