Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware-focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 301
APT trends report Q3 2022

SecureList

We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. At the beginning of 2021, Kaspersky published a private report about the A41APT campaign. Chinese-speaking activity.

Malware 145
Insiders

Security Affairs newsletter Round 355

Security Affairs

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? worth of NFTs from tens of OpenSea users Trickbot operation is now controlled by Conti ransomware.

The Prevalence of DarkComet in Dynamic DNS

Security Boulevard

They can simply update the DNS records to point to a new IP address, ensuring continuous communication with their malware. Using HYAS Insight threat intelligence, the HYAS team was able to analyze some dynamic DNS registrations from Q1 and Q2 of 2024 that originated in Turkey.

DNS 69