2017, Hacking and Malware - Cyber Security Informer

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider. I wrote about the company in 2015 after it suffered a debilitating distributed denial-of-service (DDoS) attack after Romero declined to pay a ransom demand from an online extortion group. based ISP Staminus come to mind).

Hacking

Hacking DDOS Backups Accountability

‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine

Security Boulevard

JANUARY 17, 2022

Ukraine is again under malware attack. And the tactics look strikingly similar to 2017’s NotPetya hack by the Russian GRU. The post ‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine appeared first on Security Boulevard.

Malware

Malware Hacking Social Engineering Engineering

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. Fast forward to 2017. Branching attacks.

Hacking

Hacking Energy and Utilities System Administration Accountability

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. SecurityAffairs – hacking, Crutch).

Malware

Malware Accountability Hacking Government

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware InfoSec Advertising Hacking

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Malware

Malware Cryptocurrency Ransomware Hacking

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking

Hacking Cybercrime Ransomware Government

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first TA547 group to use this malware family. The experts also discovered the attempts of using LLM in malware campaigns.

Malware

Malware Social Engineering Retail Engineering

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware

Malware Internet Internet DDOS

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015. ” continues the post.

Hacking

Hacking Accountability Malware Cybersecurity

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Malware

Microsoft warns of dreaded data wiping malware campaign

CyberSecurity Insiders

JANUARY 17, 2022

Microsoft has issued an official warning to all IT and not-for-profit organizations, along with some critical government organizations across Ukraine, that their digital infrastructure could be targeted by a dreaded data wiping malware campaign.

Malware

Malware Government Technology Authentication

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware

Malware Phishing Spyware Cyber threats

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Who is Phillip Durachinsky?

Malware

Malware Passwords Identity Theft Data collection

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS

DNS Penetration Testing Malware Hacking

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. SecurityAffairs – hacking, Lemon_Duck).

Malware

Malware Authentication Passwords Internet

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines. SecurityAffairs – hacking, GravityRAT ).

Malware

Malware Computers and Electronics Spyware Advertising

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. “It means that they are actively developing new malwares.

Malware

Malware Phishing Passwords Media

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. Pierluigi Paganini.

Banking

Banking Malware Manufacturing Business Services

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. ” reads the report published by Kaspersky.

Malware

Malware Architecture Technology DDOS

FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion

Security Affairs

FEBRUARY 28, 2022

Microsoft revealed that Ukrainian entities were targeted with a previous undetected malware, dubbed FoxBlade, several hours before the invasion. Microsoft pointed out that its experts have written signatures to detect the malware within three hours of this discovery. SecurityAffairs – hacking, FoxBlade). Pierluigi Paganini.

Malware

Malware DDOS Government Technology

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Microsoft fixed two zero-day bugs exploited in malware attacks

Security Affairs

APRIL 11, 2024

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware.

Malware

Malware DNS Software Mobile

Details of the Cloud Hopper Attacks

Schneier on Security

JULY 10, 2019

The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC. Waves of hacking victims emanate from those six plus HPE and IBM: their clients. It was much bigger than originally reported.

Identity Theft

Identity Theft Mobile Hacking Technology

Crooks abuse website contact forms to deliver IcedID malware

Security Affairs

APRIL 10, 2021

Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. SecurityAffairs – hacking, IcedID malware).

Malware

Malware Banking Marketing Authentication

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware

Malware DDOS Architecture Financial Services

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” SecurityAffairs – hacking, EnemyBot). The Enemybot botnet borrows the code from the Gafgyt bot and re-used some codes from the infamous Mirai botnet.

Malware

Malware DDOS IoT Cybercrime

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

JUNE 15, 2021

The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, provide execution permissions, and execute it.”

Malware

Malware Internet Internet DDOS

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware

Malware Banking Software Cybercrime

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

The Hacker News

JULY 28, 2023

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.

Malware

Malware Banking Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. SecurityAffairs – hacking, CISA).

Malware

Malware Firmware Architecture Firewall

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime

Cybercrime DDOS Advertising Hacking

Courts Hand Down Hard Jail Time for DDoS

Krebs on Security

JANUARY 14, 2019

Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016. Daniel Kaye. Photo: National Crime Agency. Daniel Kaye , an Israel-U.K. Daniel Kaye , an Israel-U.K. to face charges there.

DDOS

DDOS Internet Internet Spyware

A new fileless variant of Remcos RAT observed in the wild

Security Affairs

NOVEMBER 11, 2024

Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited. Once the CVE-2017-0199 is exploited, it downloads an HTA file and executes it on the recipient’s device.

Phishing

Phishing Malware Banking Encryption

ShadowPad malware on Industrial Control Systems of Asia

CyberSecurity Insiders

JUNE 28, 2022

The anti-malware firm is linking the attackers to a Chinese group of Threat Actors and confirmed that the threat actors have interests in targeting SMBs from Asian countries as often such companies do not have enough resources to tackle such attacks.

Malware

Malware Telecommunications Surveillance Cyber threats

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking

Hacking Engineering Data breaches Advertising

Experts Warn of Hacking Group Targeting Aviation and Defense Sectors

The Hacker News

FEBRUARY 15, 2022

Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems.

Manufacturing

Manufacturing Hacking Phishing Malware

This Service Helps Malware Authors Fix Flaws in their Code

When Low-Tech Hacks Cause High-Impact Breaches

Trending Sources

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Actions Target Russian Govt. Botnet, Hydra Dark Market

Russia-linked APT Turla used a new malware toolset named Crutch

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

StripedFly, a complex malware that infected one million devices without being noticed

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

TA547 targets German organizations with Rhadamanthys malware

PurpleFox malware infected at least 2,000 computers in Ukraine

Russian APT28 hacker accused of the NATO think tank hack in Germany

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Microsoft warns of dreaded data wiping malware campaign

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Alleged FruitFly malware creator ruled incompetent to stand trial

French Firms Rocked by Kasbah Hacker?

DarkGate malware campaign abuses Skype and Teams

Lemon_Duck cryptomining malware evolves to target Linux devices

GravityRAT malware also targets Android and macOS

China-linked BlackTech APT uses new Flagpro malware in recent attacks

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

TinyNuke banking malware targets French organizations

QSnatch malware infected over 62,000 QNAP NAS Devices

New NKAbuse malware abuses NKN decentralized P2P network protocol

FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion

Purple Lambert, a new malware of CIA-linked Lambert APT group

Microsoft fixed two zero-day bugs exploited in malware attacks

Details of the Cloud Hopper Attacks

Crooks abuse website contact forms to deliver IcedID malware

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

EnemyBot malware adds new exploits to target CMS servers and Android devices

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

A look at the 2020–2022 ATM/PoS malware landscape

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

US and UK link new Cyclops Blink malware to Russian state hackers?

UK Ad Campaign Seeks to Deter Cybercrime

Courts Hand Down Hard Jail Time for DDoS

A new fileless variant of Remcos RAT observed in the wild

ShadowPad malware on Industrial Control Systems of Asia

CIA elite hacking unit was not able to protect its tools and cyber weapons

Experts Warn of Hacking Group Targeting Aviation and Defense Sectors

Stay Connected