2015, Hacking and Malware - Cyber Security Informer

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. ”

Accountability

Accountability Hacking Authentication Marketing

Malware in Google Apps

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. Kaspersky went on to find tens of other, similar spyware apps dating back to 2015 that Google had already removed from its Play Store, but which were still visible in archived mirrors of the app repository. This particular campaign is tied to the government of Vietnam.

Malware

Malware Spyware Phishing Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware.

Malware

Malware Cybercrime Software Accountability

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

I wrote about the company in 2015 after it suffered a debilitating distributed denial-of-service (DDoS) attack after Romero declined to pay a ransom demand from an online extortion group. There definitely was something that somebody didn’t want found. Or, I really pissed someone off. That’s always possible.”

Hacking

Hacking DDOS Backups Accountability

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

File encryption 2013 – 2015. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. RaaS rollout 2015 – 2018. Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. Several former customers of his took to Hackforums[.]net

Malware

Malware Advertising Marketing System Administration

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines. SecurityAffairs – hacking, GravityRAT ).

Malware

Malware Computers and Electronics Spyware Advertising

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking

Hacking Cybercrime Ransomware Government

Understanding Malware-as-a-Service

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware

Malware Ransomware Cybercrime Hacking

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware

Malware Advertising Cryptocurrency Accountability

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. DataProtector was launched in 2015, while CyberScan was launched in 2019. Pierluigi Paganini.

Malware

Malware Antivirus Cybercrime Software

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware

Malware Advertising Ransomware Encryption

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. ” Pierluigi Paganini.

Malware

Malware Accountability Hacking Government

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising

Advertising Antivirus Software Malware

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

OCTOBER 15, 2020

Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona. Gemini puts the exposure window between July 2019 and August 2020.

Data breaches

Data breaches Cybercrime Retail Banking

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). “Absolutely all servers and working computers of the company are hacked and encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Ransomware Advertising Encryption

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. This is putting consumers and companies in harm’s way through yet another attack vector – one which gives professional hacking collectives another means to compromise online accounts and break into company networks.

Malware

Malware Mobile Manufacturing Marketing

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families.

Malware

Malware Data collection Manufacturing Healthcare

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

FEBRUARY 19, 2021

The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. According to prosecution documents, Marcu and The Shark spotted my reporting shortly after it was published in 2015, and discussed what to do next on a messaging app: The Shark: Krebsonsecurity.com See this.

Banking

Banking Accountability Cybercrime Mobile

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Hacking

Hacking Data breaches Accountability Passwords

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015. Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization. SecurityAffairs – hacking, APT28).

Hacking

Hacking Accountability Malware Cybersecurity

FBI arrested a Russian national for recruiting employee of US firm to plant malware

Security Affairs

AUGUST 26, 2020

after attempting to recruit an employee at a targeted company to plant a malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. “He explained the malware attacks the systems in two ways.

Malware

Malware DDOS Advertising Hacking

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Security Affairs

AUGUST 17, 2020

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. According to a press release issued by the Treasury Board of Canada Secretariat, thousands of user accounts for online government services were recently hacked. Pierluigi Paganini.

Government

Government Accountability Hacking Advertising

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

Security Affairs

AUGUST 21, 2020

During the ordinary monitoring of Deepweb and Darkweb , researchers at Cyble came across the leak disclosure post published by the Maze ransomware operators that claim the hack of the Hoa Sen Group. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Maze Ransomware Operators).

Ransomware

Ransomware Hacking Advertising Backups

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware

Malware Cybercrime Banking Hacking

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, gun exchange). gun exchange site on hacking forum appeared first on Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. The post Threat actor leaked data for U.S.

Hacking

Hacking Data breaches Cybercrime Passwords

Flaws in ‘Find My Mobile’ exposed Samsung phones to hack

Security Affairs

AUGUST 11, 2020

Below the speech made by the experts last week at DEF CON 28SM hacking virtual conference. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Samsung Find My Mobile). Testing code that relies on the existence of files in public places should be eliminated.”.

Mobile

Mobile Hacking Advertising Cybersecurity

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware

Malware Banking Software Cybercrime

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” SecurityAffairs – hacking, EnemyBot). The Enemybot botnet borrows the code from the Gafgyt bot and re-used some codes from the infamous Mirai botnet.

Malware

Malware DDOS IoT Cybercrime

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. ” The U.S. federal prosecution against Skorjanc and McCormick is ongoing.

Cybercrime

Cybercrime Ransomware Accountability Advertising

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Google Drive). The post A Google Drive weakness could allow attackers to serve malware appeared first on Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Phishing Advertising Antivirus

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. “North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising Hacking

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HP). The post HP Device Manager flaws expose Windows systems to hack appeared first on Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Accountability Passwords InfoSec

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. SecurityAffairs – hacking, UEFI).

Firmware

Firmware Spyware Surveillance Hacking

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. SecurityAffairs – hacking, Tropic Trooper). The post Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Wireless Encryption Passwords

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab.

Ransomware

Ransomware Accountability Cybercrime Passwords

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Security Affairs

OCTOBER 16, 2022

On receiving the e-mail, Zimbra submits it to Amavis for spam and malware inspection. It invokes cpio and CVE-2015-1197 is triggered. SecurityAffairs – hacking, Zimbra). The post Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Antivirus Telecommunications Engineering

Sendgrid Under Siege from Hacked Accounts

Malware in Google Apps

Trending Sources

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Orcus RAT Author Charged in Malware Scheme

Giving a Face to the Malware Proxy Service ‘Faceless’

Carbanak malware returned in ransomware attacks

Actions Target Russian Govt. Botnet, Hydra Dark Market

GravityRAT malware also targets Android and macOS

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Understanding Malware-as-a-Service

New MrbMiner malware infected thousands of MSSQL DBs

Romanians arrested for running underground malware services

Is the Abaddon RAT the first malware using Discord as C&C?

Russia-linked APT Turla used a new malware toolset named Crutch

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Who’s Behind the RevCode WebMonitor RAT?

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Purple Lambert, a new malware of CIA-linked Lambert APT group

Breach at Dickey’s BBQ Smokes 3M Cards

REvil ransomware gang hacked gaming firm Gaming Partners International

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Alleged Activision hack, 500,000 Call Of Duty players impacted

Russian APT28 hacker accused of the NATO think tank hack in Germany

FBI arrested a Russian national for recruiting employee of US firm to plant malware

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Threat actor leaked data for U.S. gun exchange site on hacking forum

Flaws in ‘Find My Mobile’ exposed Samsung phones to hack

A look at the 2020–2022 ATM/PoS malware landscape

EnemyBot malware adds new exploits to target CMS servers and Android devices

Canada Charges Its “Most Prolific Cybercriminal”

A Google Drive weakness could allow attackers to serve malware

North Korea-linked APT group BeagleBoyz targets banks

HP Device Manager flaws expose Windows systems to hack

Second-ever UEFI rootkit used in North Korea-themed attacks

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Who’s Behind the GandCrab Ransomware?

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Stay Connected