Information Security, Malware and Security Intelligence

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

Recently, researchers from AhnLab Security Intelligence Center (ASEC) observed North Koreas Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. When opened, they execute PowerShell or Mshta to download malware like PebbleDash and RDP Wrapper, to control the infected systems.

Phishing

Phishing Malware Security Intelligence Hacking

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. reported Akamai.

DDOS

DDOS Security Intelligence Malware Hacking

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. ” reported Akamai.

Malware

Malware DDOS Internet Internet

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Pierluigi Paganini. SecurityAffairs – COVID-19, malspam).

Small Business

Small Business Malware Manufacturing Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Malware

Malware Phishing Security Intelligence Hacking

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. The malware is able to redirect the user’s traffic and hijacking user search queries to popular search engines, including Google, Yahoo, and Bing. SecurityAffairs – hacking, malware).

Malware

Malware Adware Ransomware Security Intelligence

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5)

Ransomware

Ransomware Malware Encryption Security Intelligence

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance

Surveillance Malware Authentication Accountability

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen replychain and nothing else.

Malware

Malware Passwords Advertising Ransomware

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. The sites appear as a clone of Google Drive web pages used to serve the SolarMaker malware. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft. Pierluigi Paganini.

Antivirus

Antivirus Security Intelligence Malware Insurance

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. ” continues the report.

Firmware

Firmware Malware Security Intelligence Authentication

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. The final payload is the remote access Trojan FlawedAmmyy,” reads a Tweet published by Microsoft Security Intelligence. Pierluigi Paganini.

Security Intelligence

Security Intelligence Advertising Malware Banking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Government

Government Banking Advertising Malware

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Backups Architecture

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors.

Telecommunications

Telecommunications Technology Hacking Malware

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed notable updates to the long-running malware campaign targeting Linux systems by a group known as the 8220 gang.”

Security Intelligence

Security Intelligence Malware Hacking Information Security

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. pic.twitter.com/stXJMDMevc — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. Then the attackers are able to perform other malicious actions, such as deploying malware.

Security Intelligence

Security Intelligence Hacking Accountability Malware

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 and JavaScript features. The malicious payloads are delivered via encoded strings in an HTML attachment or webpage.

Phishing

Phishing Banking Passwords Malware

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” reads the announcement published by Microsoft.

Antivirus

Antivirus Small Business Security Intelligence Hacking

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan.

Antivirus

Antivirus Malware Advertising Security Intelligence

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) and earlier. ” concludes the report.

Firmware

Firmware Wireless DDOS IoT

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, just opening the RTF documents. pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019.

Security Intelligence

Security Intelligence Advertising Malware Information Security

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. The InfectedSlurs is based on the JenX Mirai malware variant that in 2018 leveraged the Grand Theft Auto videogame community to infect devices.

DDOS

DDOS Wireless Security Intelligence Authentication

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

The security firms have collected more than 125,000 TrickBot malware samples and mapped the command and control infrastructure. The TrickBot botnet was considered by security experts one of the biggest botnets. Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations.

Malware

Malware Banking Advertising Financial Services

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks.

IoT

IoT DDOS Architecture Internet

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. According to Microsoft the ransomware operators compromised the exposed systems to deploy the NightSky ransomware. trendmrcio[.]com, rogerscorp[.]org, sophosantivirus[.]ga,

Ransomware

Ransomware Hacking Internet Internet

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Microsoft researchers also spotted a ransomware gangs that is exploiting ProxyLogon flaws to spread a piece of malware tracked as DearCry. — Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Accountability Social Engineering Media

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Security Affairs

JUNE 16, 2019

The popular expert Larry Cashdollar, from Akamai’s Security Intelligence Response Team (SIRT), spotted a new version of the Echobot botnet that counts 26 different exploits. ” Botnet operators continue to implement new methods to make their malware more aggressive and to infect the larger number of systems as possible. .”

IoT

IoT Advertising Malware Wireless

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

“The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), with its state and territory partners, is continuing to respond to the widespread malware campaign known as Emotet while responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.” ” Noble added.

Small Business

Small Business Malware Cryptocurrency Advertising

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT. Photo by Joe Raedle/Getty Images).

Phishing

Phishing Scams Security Awareness Security Intelligence

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Threat actors were observed abusing OneDrive, for this reason, the IT giant has suspended more than 20 malicious OneDrive applications created by POLONIUM actors, notified affected organizations, and deployed a series of security intelligence updates that will quarantine malicious tools developed by the attackers.

Security Intelligence

Security Intelligence Hacking Antivirus Authentication

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Recent research shows that the oil industry — already experiencing difficulties due to COVID-19 — must remain abreast of threats to stay safe from hackers.

Advertising

Advertising Security Intelligence Hacking Information Security

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Ransomware

Ransomware Telecommunications DNS Hacking

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. Several notable features differentiate this ransomware from other campaigns and payloads tracked by MSTIC.

Ransomware

Ransomware Encryption Backups Security Intelligence

The number of exploits in the Echobot botnet reached 59

Security Affairs

AUGUST 7, 2019

At the time of its discovery, operators added 8 new exploits, but a few weeks later the popular expert Larry Cashdollar from Akamai’s Security Intelligence Response Team (SIRT) discovered a variant that included a total of 26 exploits. SecurityAffairs – Echobot variant, malware). Nothing interesting so far. Pierluigi Paganini.

Wireless

Wireless IoT Advertising Surveillance

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

North Korea-linked APT Emerald Sleet is using a new tactic

Trending Sources

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

IT giants warn of ongoing Chromeloader malware campaigns

Purple Lambert, a new malware of CIA-linked Lambert APT group

STRRAT RAT spreads masquerading as ransomware

European firm DSIRF behind the attacks with Subzero surveillance malware

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Microsoft warns about ongoing PonyFinal ransomware attacks

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

CISA alert warns of Emotet attacks on US govt entities

Threat actor has been targeting the aviation industry since at least 2018

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Russia-linked Nobelium APT targets orgs in the global IT supply chain

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Hackers are using Zerologon exploits in attacks in the wild

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

HTML Smuggling technique used in phishing and malspam campaigns

Microsoft Defender can now protect servers against ProxyLogon attacks

A new Astaroth Trojan Campaign uncovered by Microsoft

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

New InfectedSlurs Mirai-based botnet exploits two zero-days

Microsoft partnered with other security firms to takedown TrickBot botnet

Updated Kmsdx botnet targets IoT devices

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Iran-linked APT groups continue to evolve

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

RevengeRAT and AysncRAT target aerospace and travel sectors

Microsoft blocked Polonium attacks against Israeli organizations

Coronavirus-themed attacks May 17 ? May 23, 2020

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

The number of exploits in the Echobot botnet reached 59

Stay Connected