Nov 18, 2023NewsroomCyber Attack / USB Worm Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, … [Read more...] about Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Targeted
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
Sep 25, 2023THNCyber Attack / Phishing Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service … [Read more...] about Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
European Bank Customers Targeted in SpyNote Android Trojan Campaign
Aug 01, 2023THNMobile Security / Malware Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan … [Read more...] about European Bank Customers Targeted in SpyNote Android Trojan Campaign
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
Mar 15, 2023Ravie LakshmananCyber Attack / Data Safety A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, … [Read more...] about Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
Mar 14, 2023Ravie LakshmananNetwork Security / Cyber Attack Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or … [Read more...] about Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
Feb 22, 2023Ravie LakshmananExploitation Framework / Cyber Threat An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an … [Read more...] about Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Jan 23, 2023Ravie LakshmananMobile Security / Malvertising Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible … [Read more...] about Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," … [Read more...] about Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive … [Read more...] about New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an … [Read more...] about ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks