A New Malware Has Been Identified Which Steals Credentials From Various Organisations.
CyberWorkx
by oxytivetech
1y ago
Yorotrooper is a sophisticated espionage campaign that has been active since at least 2018, targeting organizations in Europe and Turkey. This campaign has been attributed to a threat actor group called APT27, which is believed to be associated with the Chinese government. The goal of Yorotrooper is to collect sensitive information from a range of industries, including government, military, and energy. APT27’s tactics include using spear-phishing emails to deliver malware and exploiting vulnerabilities in software to gain access to victims’ networks. The malware used in Yorotrooper is highly c …
Qakbot Malware Campaign Used To Deploy BlackBasta Ransomware.
CyberWorkx
by oxytivetech
1y ago
Researchers from the Cybereason team identified a rise in Qakbot infections targeting multiple US organisations. On successful infection, it deploys the Black Basta ransomware program on the compromised machines in the target network. The attack is delivered as a malicious link to end users via a spear-phishing attack, and uses Qakbot as the initial attack method to gain control over the network. The Cybereason Managed Services team observed multiple infections of Black Basta using QakBot beginning on November 14, 2022. These QakBot infections began with a spam/phishing email containing malicious U …
PYTHON DEVELOPERS UNDER ATTACK.
CyberWorkx
by oxytivetech
1y ago
Researchers from Check Point and Phylum identified a new supply chain attack that targets Python developers by getting them to download typosquatted Python modules containing malicious code, with the intention of compromising them. Researchers from Checkmarx have tracked these hackers with the help of the two combined reports from Check Point and Phylum, identifying the threat actor as “WASP”. During the investigation and tracking attempt, the threat actor appears to be employing steganography and polymorphism techniques to stay under the radar. Apart from that, the threat actor was maintaining multipl …
Russian Ransomware Gang Rebuilds Other APT Groups' Custom Hacking Tools.
CyberWorkx
by shamili0508
1y ago
According to Felipe Duarte and Ido Naor (researchers at Israeli incident response firm Security Joes), the unusual attack chain involved the use of stolen credentials to gain unauthorised access to the user network, leading to the deployment of Cobalt Strike payloads on compromised assets. A Russian-speaking ransomware group likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups such as Iran’s MuddyWater. The intrusion is said to have occurred in February 2022 with the att …
ASUS Routers Are Targeted By A New Variant Of The Russian Cyclops Blink Botnet.
CyberWorkx
by shamili0508
2y ago
Trend Micro researchers reported that, “The botnet’s objective is to develop an infrastructure for additional attacks on high-value targets, given that none of the infected hosts belong to vital organisations or those that have an obvious value on economic, political or military espionage.” Nearly a month after it was revealed that the malware used WatchGuard firewall appliances as a stepping stone to obtain remote access to infiltrated networks, ASUS routers have been the target of a budding botnet …
CaddyWiper Is A New Data-Erasing Malware That Targets Ukrainian Networks.
CyberWorkx
by shamili0508
2y ago
According to ESET telemetry, it was detected on a few dozen systems in a small number of businesses. This new malware erases user data and partition information from associated drives. ESET, a Slovak cybersecurity firm, named the third wiper “CaddyWiper,” which it first saw on March 14 at 9:38 a.m. UTC. The virus was compiled at 7:19 a.m. UTC, a little over two hours before it was deployed, according to metadata associated with the executable (“caddy.exe”). CaddyWiper stands out from other …
Russian Ransomware Gang Rebuilds Other APT Groups' Custom Hacking Tools.
CyberWorkx
by shamili0508
2y ago
According to Felipe Duarte and Ido Naor (researchers at Israeli incident response firm Security Joes), the unusual attack chain involved the use of stolen credentials to gain unauthorised access to the user network, leading to the deployment of Cobalt Strike payloads on compromised assets. A Russian-speaking ransomware group likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups such as Iran’s MuddyWater. The …
The Brazilian Virus, Which Affects Portuguese Users And Has The Same Capabilities As Other Latin American Threats.
CyberWorkx
by shamili0508
2y ago
Since last month, a new form of a Brazilian virus has been affecting Internet users in Portugal (February 2022). A study of the artefacts and IOCs gathered from this campaign, despite the fact that there are no notable changes in skill and when compared to other well-known trojans such as Maxtrilha, URSA and Javali. The trojan has been disseminated via phishing templates impersonating tax services in Portugal. An HTML file downloads a .lnk file masquerading as an MSI file that …
New Evidence Connects Kwampirs Malware to Shamoon APT Hackers.
CyberWorkx
by shamili0508
2y ago
Cylera Labs’ Pablo Rincón Crespo reported that, “Research evidence indicates identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline. The operators of Shamoon and Kwampirs have overlapping source code and techniques, indicating that they are the same group or really close collaborators. Symantec said in an April 2018 analysis, Orangeworm, first identified in January 2015, has also conducted targeted attacks against organisations in related industries as part of a larger supply-chain attack in order …
Hackers Are Misusing Several Security Flaws on Popular Software Package Managers.
CyberWorkx
by shamili0508
2y ago
SonarSource researcher Paul Gerste reported that, “This means that an attack cannot be launched directly against a developer machine from a remote location, and the developer must be duped into loading malformed files. Multiple security flaws in popular package managers have been disclosed, which could be used to run arbitrary code and access sensitive information, such as source code and access tokens, from compromised machines. Package managers are systems or a collection of tools used to automate the installation, upgrading and configuration …