A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that … [Read more...] about Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users
Targeted
Russian Turla APT Group Deploying New Backdoor on Targeted Systems
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to … [Read more...] about Russian Turla APT Group Deploying New Backdoor on Targeted Systems
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named … [Read more...] about Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
Pakistan-linked hackers targeted Indian power company with ReverseRat
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said … [Read more...] about Pakistan-linked hackers targeted Indian power company with ReverseRat
A New Software Supply‑Chain Attack Targeted Millions With Spyware
Cybersecurity researchers today disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in … [Read more...] about A New Software Supply‑Chain Attack Targeted Millions With Spyware
Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide
A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since … [Read more...] about Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide
Targeted Phishing Attacks Strike High-Ranking Company Executives
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 … [Read more...] about Targeted Phishing Attacks Strike High-Ranking Company Executives
Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers
Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed "Operation Earth Kitsune" by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two new … [Read more...] about Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend."A … [Read more...] about Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild