backdoor (6)

How was your Easter bank holiday? Did you use it well by, for instance, preventing a globally destructive cyber-attack? No? Try harder, then. Last weekend, a cautious, longstanding and very nearly successful attempt to insert a backdoor into a widely used piece of open-source software was thwarted, effectively by accident. Below is from Ars Technica.[1] Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those f

A Chinese cyber espionage group targeting organizations and individuals in China and Japan has remained under the radar for roughly five years, cybersecurity firm ESET https://www.eset.com reports. Tracked by researchers as Blackwood and active since at least 2018, the Advanced Persistent Threat (APT) actor has been using Adversary-in-the-Middle (AitM) attacks to deploy a sophisticated implant via the update mechanisms of legitimate software such as Sogou Pinyin, Tencent QQ, and WPS Office

The Iranian threat actor Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the UAE using a previously undocumented backdoor named Sponsor. Cybersecurity investigators are tracking the cluster under the name Ballistic Bobcat. Victimology patterns suggest that the group primarily singles out education, government, healthcare organizations, human rights activists, and journalists. At least 34 victims of Sponsor have been detected to date

The Lancefly advanced persistent threat (APT) group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, in activity that has been ongoing for several years. Lancefly may have some links to previously known groups, but these are low confidence, which led researchers at Symantec, by Broadcom Software, to classify this activity under a new group name.

Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have

Espionage comes in many forms. For the advanced persistent threat (APT) dubbed “UNC3524” by security company Mandiant, the objective is to collect emails dealing with corporate development, mergers & acquisitions, and corporate transactions. “UNC3524” was first discovered in December 2019 and has been tracked since then. The group’s corporate targets and interest in M&A plans point to financial motivation; however, the group’s ability to linger in a target environment while collecting emails, s

‘Hired Gun’ Hackers and the PowerPepper Backdoor

Kaspersky Labs announced the discovery of a new backdoor loaded into Windows RAM, developed by Hackers for Hire (HfH). The backdoor is capable of remotely executing malicious code and stealing confidential information.

The malware is called PowerPepper and is linked to the DeathStalker (DS) cybercriminal group (previously called the Deceptikons). Members of DS have been targeting law firms and financial institutions in Europe and