All Articles (2241)


The North Korea-linked threat actor known as Lazarus Group used its time-tested fabricated job lures to deliver a new Remote Access Trojan (RAT) called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023.  The malware could, aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server.   The RAT acts as a pathway to deliver the FudModule rootkit, which has be


A well-known Russian advanced persistent threat (APT) group has been using a custom tool to exploit a bug that has been around for several years in the Windows Print Spooler service to elevate privileges and steal credentials in numerous intelligence-gathering attacks around the globe. It also appears to be paving the way for further attacks.  Fancy Bear (aka APT28, Forest Blizzard, Pawn Storm, Sofacy Group, and Strontium) is linked to the Russian General Staff Main Intelligence Directorate. It has


The maritime transportation system, the lifeblood of global trade, is undergoing a digital revolution.  Automation and artificial intelligence (AI) are transforming how ships operate and cargo moves.  However, this increased reliance on technology creates a double-edged sword: while AI offers powerful tools for cybersecurity, it also presents new vulnerabilities to exploit. The growing threat of adversarial AI (AAI) in maritime cyber security and how the industry can navigate these challenging w

Many game makers allow users to alter a game's appearance or behavior to increase its enjoyment and replay value.  Players can often also download packages created by others.  However, this is also a chance for attackers to distribute their malware. The below report examines a batch stealer distributed via a crafted Minecraft source pack.

The zEus stealer malware has been added to a source pack shared on YouTube. The name—zEus—is from a previous variant of this malware. The variant (d9d394cc2a74


The US Federal Communications Commission (FCC) recently levied fines totaling nearly $200 million against the four major carriers, including AT&T, Sprint, T-Mobile, and Verizon, for illegally sharing access to customers’ location information without consent.  The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.  In February 2020, the FCC notified all four wireless providers that their practices of sharing access to customer location data

LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.

A 26-count indictment has been unsealed in the US charging Khoroshev with developing and operating the LockBit ransomware service.  He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive

Last month, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from close to a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface.  As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header.

FortiGuard’s IPS signature captured attempts to exploit the CVE-2015-2051 vulnerability to propagate a new botnet that we have named “Gold

The US Department of Justice (DOJ) on 24 April 2024 announced the arrest of two co-founders of a cryptocurrency mixer called Samourai. It seized the service for allegedly facilitating over $2 billion in illegal transactions and laundering more than $100 million in criminal proceeds.  Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money-transmitting business from 2015 through February 2024.


DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team.  Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves.  With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work.

Job interviews can be an effective cover for socia

A newly identified Android Trojan can steal user information and allow attackers to take control of infected devices. Named Brokewell, the trojan includes all the capabilities of mobile banking malware while also providing attackers with remote access to devices. Brokewell is being distributed via fake application updates, such as newer Chrome browser iterations and updates for an Austrian digital authentication application.

The malware overlays fake windows over the targeted mobile applications

Spanish police have arrested more than 100 people who stole €850,000 (more than $900,000 USD) through WhatsApp by pretending to be their victims’ family members in urgent need of help.

According to a statement by the Guardia Civil, one of Spain's police forces, the suspects, men and women aged between 20 and 60, were arrested from February to April in seven Spanish provinces.  All were charged with fraud, money laundering, and being part of a criminal organization.

To trick their victims, the sc

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.   Cisco Talos, which named the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).  "UAT4356 deployed two backdoors as components of this campaign, 'Line Runner' and 'Line Dancer,' which were used collectiv

An elite team of Iranian state-sponsored hackers successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, according to the Feds, as part of a multiyear cyber espionage campaign aimed at stealing military secrets.

The US Departments of Treasury and State are among those compromised in the elaborate campaign, which lasted from 2016 to 2021 according to a US Justice Department indictment unsealed this week.  Various defense contractors with high-l

The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA) are jointly issuing this advisory to highlight attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber actors to exploit improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts.  Without properly configured DMARC policies, malicious cyber actors are able to

Security teams are facing "the perfect storm" these days, with four seemingly major contributing factors at play:

  • AI and generative AI
  • Geopolitical dynamics
  • Changing regulatory compliance requirements
  • Continuing growth in ransomware.

They all lead to a very complex threat scenario that requires significant effort from cybersecurity professionals to protect their enterprises.  At the heart of these next-gen cyber defenses lies the core concept of Identity, and unfortunately, what identity entai

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to End-to-End Encryption (E2EE).  They called on the industry and governments to take urgent action to ensure public safety across social media platforms. "Privacy measures currently being rolled out, such as End-to-End Encryption, will stop tech companies from seeing any offending that occurs on their platforms," Europol said.  "It will also stop law enforce

Cybersecurity is vital to the maritime industry, and yet vulnerabilities are increasingly being exploited by criminals.  Below are two examples of recent cyberattacks against Gard, as well as our key recommendations to prevent losses.

Successful cyber-attacks can have serious consequences, such as operational disruptions, data leakage and financial losses. It is therefore important to raise awareness and improve security measures among maritime stakeholders, including crew members, operators, an

Russia, on 24 April 2024, vetoed a UN resolution sponsored by the United States and Japan calling on all nations to prevent a dangerous nuclear arms race in outer space, calling it “a dirty spectacle” that cherry-picks weapons of mass destruction from all other weapons that should also be banned.  The vote in the 15-member Security Council was 13 in favor, Russia opposed it, and China abstained.  The resolution would have called on all countries not to develop or deploy nuclear arms or other wea

KageNoHitobito ransomware samples became available in late March 2024.  As with most ransomware, this ransomware encrypts files on victims' machines and demands a ransom to decrypt them through dropped ransom notes. Although the group uses TOR to communicate with its victims, a data leak site is unavailable as it does not claim to have stolen any victims' information.

Infection Vector/Victimology - Information on the infection vector used by the KageNoHitobito ransomware threat actor is unavaila

One of the most used Phishing-as-a-Service (PhaaS) platforms, LabHost, has been closed by an international group of law enforcement authorities coordinated by Europol.  London's Metropolitan Police have been working with Europol on an operation to infiltrate and close down a website used by more than 2,000 criminals to defraud victims worldwide in their latest joint operation to tackle large-scale online fraud.  Now, 37 suspects have been arrested as part of the international operation led by Eu