Information Security, Malware and Manufacturing

TIDRONE APT targets drone manufacturers in Taiwan

Security Affairs

SEPTEMBER 9, 2024

Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND. ” concludes the report.

Manufacturing

Manufacturing Malware Antivirus Software

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 Unfortunately, often manufacturers sell older OS versions as newer ones. million Android devices in 197 countries.

Malware

Malware Firmware Antivirus Manufacturing

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? ” continues the report.

Manufacturing

Manufacturing IoT Malware Cryptocurrency

New ATM Malware family emerged in the threat landscape

Security Affairs

MAY 27, 2024

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. “The malware is fully automated, simplifying its deployment and operation.”

Malware

Malware Banking Advertising Cybercrime

RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

Security Affairs

AUGUST 6, 2021

Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang. RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen 112GB of data. All affected internal services have resumed operation. Pierluigi Paganini.

Manufacturing

Manufacturing Ransomware Information Security Security Defenses

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

NOVEMBER 9, 2020

The Taiwanese electronics manufacture Compal suffered a ransomware attack over the weekend, media blames the DoppelPaymer ransomware gang. It is the second-largest contract laptop manufacturer in the world behind Quanta Computer. Acer, Lenovo, Dell, Toshiba, Hewlett-Packard and Fujitsu. It also licenses brands of its clients.

Manufacturing

Manufacturing Computers and Electronics Ransomware Media

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

Malware

Malware Manufacturing IoT Software

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Security Affairs

OCTOBER 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The post BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider appeared first on Security Affairs. Asahi Group Holdings, Ltd.

Manufacturing

Manufacturing Ransomware Hacking Data breaches

COVID-19 vaccine manufacturer suffers a data breach

Security Affairs

OCTOBER 26, 2020

Indian COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories was hit with a cyber attack that forced it to shut down its plants in Brazil, India, Russia, the U.K., In response to the security breach, the COVID-19 vaccine manufacturer has isolated all data center services. “In and the U.S. Pierluigi Paganini.

Manufacturing

Manufacturing Data breaches Cyber Attacks Advertising

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Security Affairs

MAY 8, 2022

The American agricultural machinery manufacturer AGCO announced that has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. To nominate, please visit:?

Manufacturing

Manufacturing Ransomware Hacking Risk

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

FEBRUARY 24, 2021

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Bombardier pointed out that manufacturing and customer support operations have not been impacted. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Manufacturing

Manufacturing Ransomware Cybercrime Hacking

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. SecurityAffairs – hacking, RedLine malware). This variant uses 207[.]32.217.89 as its C2 server through port 14588. 154.167.91

Malware

Malware Manufacturing Cryptocurrency Cybercrime

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. KG is a German weapon manufacturer headquartered in Überlingen. By clicking on a malicious PDF, victims would unknowingly download malware, allowing the hackers to spy on their systems.”

Manufacturing

Manufacturing Hacking Cyber Attacks Malware

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware

Malware Data collection Manufacturing Healthcare

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke.

Banking

Banking Malware Manufacturing Business Services

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. .” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site.

Manufacturing

Manufacturing Ransomware Engineering Hacking

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Researchers also discovered that the APT group used an updated version of its ShadowPad malware. The update to the ShadowPad malware shows they are still developing and using it.

Manufacturing

Manufacturing Mobile Malware Software

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. The malware uses TOR exit nodes as a backup C2 infrastructure.

Malware

Malware Backups Manufacturing Accountability

Joker malware infected 538,000 Huawei Android devices

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. ” reads the post published by Dr. Web.

Malware

Malware Spyware Mobile Antivirus

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware

Malware Antivirus Manufacturing Healthcare

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware

Malware Firmware Manufacturing Advertising

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

“We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.”

Government

Government Malware Telecommunications Cybercrime

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. The ISO file contains a malicious SCR file, which is Remcos.”

Small Business

Small Business Malware Manufacturing Security Intelligence

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices.

Malware

Malware Firmware Advertising Manufacturing

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January.

Malware

Malware Wireless Mobile Advertising

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

NOVEMBER 8, 2024

. “The incident has caused disruptions and limitation of access to certain of the Company’s information systems and business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.” The company will update disclosures if circumstances change.

Ransomware

Ransomware Manufacturing Malware Cybersecurity

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile

Mobile Malware Firmware Manufacturing

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions.

Malware

Malware Firmware Manufacturing Media

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Security Affairs

OCTOBER 17, 2022

Oomiya is focused on designing and manufacturing microelectronics and facility system equipment. The business of Omiya Kasei is divided into four major areas, manufacturing and designing chemical and industrial products, designing electronic materials, pharmaceutical development, and factory manufacturing.

Manufacturing

Manufacturing Ransomware Healthcare Marketing

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Android mobile devices from top vendors in China have pre-installed malware

Security Affairs

FEBRUARY 9, 2023

Researchers reported that the top-of-the-line Android mobile devices sold in China are shipped with malware. Chinese manufacturers have yet to comment on the research. In China, phone numbers are registered under a citizen ID, which means that was possible to link the device to the real identity of the owners.

Mobile

Mobile Malware Surveillance Spyware

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “StrelaStealer malware is an active email credential stealer that is always evolving.

Malware

Malware Encryption Manufacturing Phishing

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Security Affairs

AUGUST 6, 2024

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. In January 2024, the Kimsuky APT group was spotted distributing malware through the website of a construction industry association in South Korea. ” reads the advisory.

VPN

VPN Malware Software Hacking

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Manufacturing Small Business Surveillance

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS Advertising DNS

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

“We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.”

Government

Government Malware Telecommunications Cybercrime

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

MARCH 11, 2024

The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufacturing, media and entertainment, and healthcare. GuidePoint Security analyzed the PowerShell script and noticed the use of the function ‘cookies’ with specific parameters.

Ransomware

Ransomware Malware Manufacturing Healthcare

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. The last stage malware is the PHP-based SYS01stealer malware which is able to steal browser cookies and abuse authenticated Facebook sessions to steal information from the victim’s Facebook account.

Government

Government Manufacturing Malware Social Engineering

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors. dll), allowing type confusion to occur.

Internet

Internet Internet Engineering Malware

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware uses TOR exit nodes as a backup C2 infrastructure. SecurityAffairs – hacking, malware). Initial access is typically through infected removable drives, often USB devices.

Manufacturing

Manufacturing Malware Backups Technology

Evolving Email Threats and How to Protect Against Them

IT Security Guru

OCTOBER 24, 2024

Email security relies on timely, accurate information. Security solutions need information to detect and prevent threats, organizations need information to inform their security strategies, and users need information to identify, avoid, and report potential risks.

Energy and Utilities

Energy and Utilities Scams Manufacturing Malware

TIDRONE APT targets drone manufacturers in Taiwan

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Trending Sources

IoT devices at major Manufacturers infected with crypto-miner

New ATM Malware family emerged in the threat landscape

RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

COVID-19 vaccine manufacturer suffers a data breach

US agricultural machinery manufacturer AGCO suffered a ransomware attack

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

New RedLine malware version distributed as fake Omicron stat counter

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

TinyNuke banking malware targets French organizations

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Grandoreiro banking malware targets Mexico and Spain

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Joker malware infected 538,000 Huawei Android devices

TrickGate, a packer used by malware to evade detection since 2016

xHelper, the Unkillable Android malware that re-Installs after factory reset

Raspberry Robin malware used in attacks against Telecom and Governments

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

QSnatch malware infected over 62,000 QNAP NAS Devices

Pre-Installed malware spotted on other Android phones sold in US

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Malware found pre-installed in cheap push-button mobile phones sold in Russia

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

QNAP urges users to update Malware Remover after QSnatch joint alert

Android mobile devices from top vendors in China have pre-installed malware

StrelaStealer targeted over 100 organizations across the EU and US

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Security Affairs newsletter Round 377

Trend Micro observed notable malware activity associated with the Momentum Botnet

Raspberry Robin malware used in attacks against Telecom and Governments

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

SYS01 stealer targets critical government infrastructure

North Korea-linked APT37 exploited IE zero-day in a recent attack

Microsoft: Raspberry Robin worm already infected hundreds of networks

Evolving Email Threats and How to Protect Against Them

Stay Connected