2009, Information Security and Malware - Cyber Security Informer

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

This threat actor was involved in cyber espionage campaigns and sabotage activities to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South Korean companies. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by ESET.

Malware

Malware Software Cryptocurrency Financial Services

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com ‘ was involved in past campaigns of the Lazarus APT. Pierluigi Paganini.

Malware

Malware Advertising Encryption Hacking

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID malware operations. DoJ sentenced the Ukrainian national Vyacheslav Igorevich Penchukov (37) to prison and ordered him to pay millions of dollars in restitution for his role in the Zeus and IcedID malware operations.

Cybercrime

Cybercrime Banking Malware Hacking

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Banking

Banking Malware Advertising Hacking

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015.

System Administration

System Administration Malware Accountability Marketing

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Banking

Banking Malware Advertising Financial Services

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Malware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Advertising Encryption Hacking

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The Thrip group used both custom malware and legitimate tools to hit its targets that continue to include defense contractors, telecoms companies, and satellite operators. Security experts at Symantec speculate that Thrip is a sub-group of Billbug. This malware appears to be an evolution of an older Billbug tool known as Evora.”

Government

Government Advertising Telecommunications Malware

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Not all visitors to the site were infected. . ” concludes Microsoft.

Malware

Malware Antivirus Hacking Accountability

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

The group, also known as Cicada, Stone Panda , and Cloud Hopper , has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” Pierluigi Paganini.

Manufacturing

Manufacturing Hacking Engineering Malware

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

OCTOBER 23, 2023

billion Aadhaars issued by the UIDAI since this ID service launched in 2009, this system represents one of the largest biometric ID programs on the planet, according to a report published by think tank Brookings Institution. With roughly 1.4

Identity Theft

Identity Theft Banking Data breaches Malware

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

“It’s worth pointing out that the wallet address is the miner reward receiving address of the Bitcoin Genesis Block , which occurred on January 3, 2009, and is believed to be held by Nakamoto.” The bot allows operators to deploy additional malware onto the infected machine and execute commands received from the C2 server.

Accountability

Accountability Cryptocurrency Malware Hacking

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The APT10 group has added two new malware loaders to its arsenal and used in attacks aimed at government and private organizations in Southeast Asia. The recent attacks were uncovered by experts at enSilo, they also noticed that the APT group used modified versions of known malware. ” reads the analysis published by enSilo.

Advertising

Advertising Malware Government Hacking

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The use of Github as a C2 aims at evading detection.

Malware

Malware Hacking Phishing Ransomware

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The researchers spotted more macOS malware similar to the one that was involved in Operation AppleJeus.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

. “A collaborative investigation with two of the affected European companies allowed us to gain insight into the operation and uncover previously undocumented malware.” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Advertising

Advertising Malware Passwords Accountability

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network.

Mobile

Mobile Manufacturing Internet Internet

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

User information on online trading platforms should be well secured to prevent similar data leaks. Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. Scams, Phishing and Malware. Who is FBS.

Passwords

Passwords Accountability Media Identity Theft

The man behind Cardplanet credit card market sentenced to 9 years in prison

Security Affairs

JUNE 27, 2020

The man operated the Cardplanet site between at least early 2009 through at least August 2013. In 2019, Burkov was accused of running the online criminal marketplace, Cardplanet, according to the investigators, the site helped crooks to organize more than $20 million in credit card fraud.

Marketing

Marketing Cybercrime Advertising Insurance

The US Treasury placed sanctions on North Korea linked APT Groups

Security Affairs

SEPTEMBER 13, 2019

.” The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated.

Cyber Attacks

Cyber Attacks Hacking Cryptocurrency Banking

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

-based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group. Valentin Karyagin has been involved in the development of ransomware and other malware projects. Maksim Mikhailov has been involved in development activity for the Trickbot Group.

Banking

Banking Ransomware Cybercrime Malware

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Beazley also reported that SMBs, which tend to spend less on information security, were at a higher risk of being hit by ransomware than larger firms, and that the healthcare sector was hardest hit by ransomware attacks, followed by financial institutions and professional services. million – the equivalent of 3,000 Bitcoin at the time.

Ransomware

Ransomware Internet Internet Hacking

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware

Ransomware Passwords Scams Government

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. . ” continues the report.

Identity Theft

Identity Theft Hacking Advertising System Administration

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

and Israel get Stuxnet onto the highly secured Natanz plant? For years, experts speculated the involvement of a spy that infiltrated the Iranian plant and installed the malware. That mole physically spread the malware inside the plant using a USB flash drive. The unanswered question is, how did the U.S.

Malware

Malware Engineering Advertising Hacking

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

The malicious code within the bitmap image file was used by threat actors to drop a remote access trojan (RAT) on the victims’ systems that allow them to steal sensitive information. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Phishing

Phishing Hacking Cryptocurrency Malware

Experts attribute NukeSped RAT to North Korea-Linked hackers

Security Affairs

OCTOBER 24, 2019

Experts at Fortinet analyzed NukeSped malware samples that share multiple similarities with malware associated with North Korea-linked APTs. Fortinet has analyzed the NukeSped RAT that is believed to be a malware in the arsenal of the Lazarus North-Korea linked APT group.

Malware

Malware Encryption Advertising Internet

EU has imposed sanctions on foreign actors for the first time ever

Security Affairs

JULY 31, 2020

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Cyber Attacks

Cyber Attacks Hacking Advertising Government

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SEPTEMBER 12, 2019

According to the researchers, almost any mobile phone model is vulnerable to the SimJacker attack because it leverages a component on SIM cards and its specifications are the same since 2009. ” states the post.

Hacking

Hacking Mobile Spyware Manufacturing

China-linked APT10 Target Taiwan’s financial trading industry

Security Affairs

FEBRUARY 22, 2022

The group (also known as Cicada, Stone Panda , MenuPass group, Bronze Riverside, and Cloud Hopper ) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Technology

Technology Hacking Passwords Software

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight.

Cybercrime

Cybercrime Banking Identity Theft Hacking

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

Security experts at Kaspersky Lab have spotted a new backdoor, tracked as Titanium, that was used by the Platinum APT group in attacks in the wild, the malicious code implements sophisticated evasion techniques. “The malware hides at every step by mimicking common software (protection related, sound software , DVD video creation tools).”

Encryption

Encryption Passwords Malware Software

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast.

Encryption

Encryption Advertising Government Cyber Attacks

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Number of data leaks from medical organizations, 2009–2020. Let’s see if there are any informational security issues with these wearables. Therefore, it is critical that those who work in this area are aware of the security dangers. The HIPAA Journal , which is focused on leaks in the U.S. Source: HIPAA Journal.

Phishing

Phishing Healthcare IoT Authentication

Who and What is Behind the Malware Proxy Service SocksEscort?

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Trending Sources

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Lazarus malware delivered to South Korean users via supply chain attacks

Dacls RAT, the first Lazarus malware that targets Linux devices

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

North Korea-linked Lazarus APT targets the COVID-19 research

North Korea-linked APT group BeagleBoyz targets banks

Administrators of bulletproof hosting sentenced to prison in the US

An ongoing Qbot campaign targeted customers of tens of US banks

North Korea-linked Lazarus APT targets the IT supply chain

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Microsoft: North Korea-linked Zinc APT targets security experts

China-linked APT10 leverages ZeroLogon exploits in recent attacks

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

APT10 is back with two new loaders and new versions of known payloads

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Belgium telecom operators Proximus and Orange drop Huawei

Billions of FBS Records Exposed in Online Trading Broker Data Leak

The man behind Cardplanet credit card market sentenced to 9 years in prison

The US Treasury placed sanctions on North Korea linked APT Groups

US and UK sanctioned seven Russian members of Trickbot gang

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

Cyber Security Roundup for May 2021

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Experts attribute NukeSped RAT to North Korea-Linked hackers

EU has imposed sanctions on foreign actors for the first time ever

SimJacker attack allows hacking any phone with just an SMS

China-linked APT10 Target Taiwan’s financial trading industry

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

The Platinum APT group adds the Titanium backdoor to its arsenal

Platinum APT and leverages steganography to hide C2 communications

Telehealth: A New Frontier in Medicine—and Security

Stay Connected