2011, Hacking and Malware - Cyber Security Informer

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. ” reads the abstract from the talk. ” concludes the report.

Malware

Malware Advertising Government Phishing

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. AWMproxy, the storefront for renting access to infected PCs, circa 2011.

Passwords

Passwords Malware Internet Internet

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Mobile

Mobile Software Backups Technology

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July.

Hacking

Hacking Internet Internet Government

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. SecurityAffairs – hacking, Arid Viper).

Malware

Malware Hacking Information Security

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. “The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.” To nominate, please visit:?

Hacking

Hacking Media Malware Cybersecurity

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

MARCH 4, 2020

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. SecurityAffairs – hacking, CIA).

Hacking

Hacking Government Advertising Engineering

The Belgacom hack was the work of the UK GCHQ intelligence agency

Security Affairs

OCTOBER 28, 2018

Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency. Back to September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced its IT infrastructure had suffered a malware-based attack.

Hacking

Hacking Spyware Telecommunications Malware

Inside the Massive Naz.API Credential Stuffing List

Troy Hunt

JANUARY 17, 2024

It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on.

Passwords

Passwords Password Management Hacking Accountability

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.

Hacking

Hacking Technology Government Malware

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

OCTOBER 1, 2019

In December 2013, a Slovenian court sentenced Škorjanc to four years and ten months in prison for creating the malware that powered the ‘ Mariposa ‘ botnet. Very soon after its inception, Mariposa was estimated to have infected more than 1 million hacked computers — making it one of the largest botnets ever created.

Cybercrime

Cybercrime Malware Antivirus Banking

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.

Malware

Malware Authentication Software Accountability

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware

Malware Cyber threats Government Hacking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. Then the DePriMon malware uses Schannel for the communication. Pierluigi Paganini.

Malware

Malware Telecommunications Advertising Encryption

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. One representation of the leaked Mazafaka database.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

SecurityAffairs – hacking, newsletter). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Firmware Insurance

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Ransomware

Ransomware Antivirus Malware Software

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Pierluigi Paganini.

Backups

Backups Advertising Accountability Malware

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems. Pierluigi Paganini.

Banking

Banking Advertising Malware Data collection

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. SecurityAffairs – hacking, cybercrime). The fraudulent activities conducted by the gang cost victims more than $568 million dollars. .

Cybercrime

Cybercrime Hacking Malware Cybersecurity

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government

Government Malware Advertising Architecture

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees. Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. Saudi Arabia, and Iraq.

Hacking

Hacking Security Intelligence Advertising Accountability

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

The feds allege Aqua led an elite cybercrime ring with at least 16 others who used advanced, custom-made strains of malware known as “ JabberZeus ” and “ Bugat ” (a.k.a. Your payroll accounts have been hacked, and you’re about to lose a great deal of money. Here’s where it got interesting.

Cybercrime

Cybercrime Banking Small Business Accountability

The analysis of the code reuse revealed many links between North Korea malware

Security Affairs

AUGUST 10, 2018

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. Each node represents a malware family or a hacking tool (“ Brambul ,” “ Fallchill ,” etc.)

Malware

Malware Hacking Advertising Accountability

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

Bilogorskiy: Before 2013 a lot of malware was focused on spam, DDoS and monetizing through malicious advertising and ad fraud. In 2011, total cryptocurrency value was about $10 billion. Bilogorskiy: One other kind of attack that we’ve seen is where companies get hacked and those computers have mining malware put on them.

Cryptocurrency

Cryptocurrency Ransomware Passwords Malware

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

“In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.” The group also attempted to hack the systems of a US company operating critical infrastructure in the United States. SecurityAffairs – hacking, Russian government employees).

Government

Government Energy and Utilities Malware Hacking

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. SecurityAffairs – hacking, Security Affairs). Ten years together! I’m very excited. Over the past decade, I have recovered tens of thousand stories focusing mainly on cybercrime, information warfare, hacktivism and computer security.

Cybercrime

Cybercrime Hacking Cybersecurity Data breaches

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.

Spyware

Spyware Surveillance Advertising Mobile

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants. SecurityAffairs – hacking, FinCEN). Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 SecurityAffairs – hacking, cybercrime). million withdrawn. Pierluigi Paganini.

Advertising

Advertising Hacking Cybercrime Cryptocurrency

Law enforcement operation dismantled 911 S5 botnet

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, 911 S5 botnet)

VPN

VPN Cryptocurrency Malware Software

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

In a 2011 post on Hackforums, Acidut said they were building a botnet using an “exploit kit,” a set of browser exploits made to be stitched into hacked websites and foist malware on visitors. 1, 2021: 15-Year-Old Malware Proxy Network VIP72 Goes Dark. ” A teaser from Irish Tech News. “Online[.]io

Advertising

Advertising Software Computers and Electronics Internet

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.

Surveillance

Surveillance Spyware Software Advertising

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. SecurityAffairs – hacking, PHP Composer). “This problem alone does not yet allow command execution, as the values are appropriately escaped. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Hacking

Hacking Software Information Security Malware

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant, it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications. Pierluigi Paganini.

Malware

Malware Government Advertising Banking

Iran-linked APT group Charming Kitten targets journalists, political and human rights activists

Security Affairs

FEBRUARY 7, 2020

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia. ” continues the report.”In

Phishing

Phishing Advertising Malware Media

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible. ” reads the announcement published by Google.

Malware

Malware Cybercrime Cryptocurrency Media

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Pierluigi Paganini.

DNS

DNS Antivirus Cryptocurrency Software

Patch Tuesday, November 2019 Edition

Krebs on Security

NOVEMBER 12, 2019

More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Backups

Backups Internet Internet Media

XDSpy APT remained undetected since at least 2011

Why Malware Crypting Services Deserve More Scrutiny

Trending Sources

Giving a Face to the Malware Proxy Service ‘Faceless’

The Link Between AWM Proxy & the Glupteba Botnet

Why is ‘Juice Jacking’ Suddenly Back in the News?

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

PyMICROPSIA Windows malware includes checks for Linux and macOS

Purple Lambert, a new malware of CIA-linked Lambert APT group

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

CIA Hacking unit APT-C-39 hit China since 2008

The Belgacom hack was the work of the UK GCHQ intelligence agency

Inside the Massive Naz.API Credential Stuffing List

US DoJ indicts four members of China-linked APT40 cyberespionage group

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

YTStealer info-stealing malware targets YouTube content creators

Russia-linked threat actors targets critical infrastructure, US authorities warn

DePriMon downloader uses a never seen installation technique

From Cybercrime Saul Goodman to the Russian GRU

Security Affairs newsletter Round 284

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Google disrupts the Glupteba botnet

Silent Night Zeus botnet available for sale in underground forums

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

US man sentenced to 4 years in prison for his role in Infraud scheme

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Iran-linked Phosphorous APT hacked emails of security conference attendees

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

The analysis of the code reuse revealed many links between North Korea malware

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

US indicted 4 Russian government employees for attacks on critical infrastructure

Happy 10th Birthday, Security Affairs

Unknown FinSpy Mac and Linux versions found in Egypt

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Law enforcement operation dismantled 911 S5 botnet

Breach Exposes Users of Microleaves Proxy Service

German authorities raid the offices of the FinFisher surveillance firm

Command injection flaw in PHP Composer allowed supply-chain attacks

Hunting the ICEFOG APT group after years of silence

Iran-linked APT group Charming Kitten targets journalists, political and human rights activists

Google obtained a temporary court order against CryptBot distributors

Glupteba botnet is back after Google disrupted it in December 2021

Patch Tuesday, November 2019 Edition

Stay Connected