CyberWorkx
Covers cybersecurity happenings around the world. CyberWorkx is your ultimate destination on security news.
CyberWorkx
1y ago
Yorotrooper is a sophisticated espionage campaign that has been active since at least 2018, targeting organizations in Europe and Turkey. This campaign has been attributed to a threat actor group called APT27, which is believed to be associated with the Chinese government. The goal of Yorotrooper is to collect sensitive information from a range of industries, including government, military, and energy.
APT27’s tactics include using spear-phishing emails to deliver malware and exploiting vulnerabilities in software to gain access to victims’ networks. The malware used in Yorotrooper is highly c ..read more
CyberWorkx
1y ago
Researchers from the Cybereason team identified a rise in Qakbot infections targeting multiple US organisations. On successful infection, it deploys the Black Basta ransomware program on the compromised machines in the target network.
The attack is delivered to end users as a malicious link via a spear-phishing email, and uses Qakbot as the initial access method to gain control over the network.
The Cybereason Managed Services team observed multiple infections of Black Basta using QakBot beginning on November 14, 2022. These QakBot infections began with a spam/phishing email containing malicious U ..read more
CyberWorkx
1y ago
Researchers from Checkpoint and Phylum identified a new supply chain attack targeting Python developers by making them download typosquatted Python modules containing malicious code, with the intention of compromising them.
Researchers from Checkmarx have tracked this attacker by combining the two reports from Checkpoint and Phylum, and identified the threat actor as “WASP”.
During the investigation and tracking attempt, the threat actor appeared to be employing steganography and polymorphism techniques to stay under the radar. Apart from that, the threat actor was maintaining multipl ..read more
CyberWorkx
1y ago
According to Felipe Duarte and Ido Naor (researchers at Israeli incident response firm Security Joes), the unusual attack chain involved the use of stolen credentials to gain unauthorised access to the user network, leading to the deployment of Cobalt Strike payloads on compromised assets.
A Russian-speaking ransomware group likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups such as Iran’s MuddyWater.
The intrusion is said to have occurred in February 2022 with the att ..read more
CyberWorkx
2y ago
Trend Micro researchers reported that, “The botnet’s objective is to develop an infrastructure for additional attacks on high-value targets, given that none of the infected hosts belong to vital organisations or those that have an obvious value on economic, political or military espionage.”
Nearly a month after it was revealed that the malware used WatchGuard firewall appliances as a stepping stone to obtain remote access to infiltrated networks, ASUS routers have become the target of a budding botnet … Read more
The post ASUS Routers Are Targeted By A New Variant Of The Russian Cyclops Blink B ..read more
CyberWorkx
2y ago
According to ESET telemetry, it was detected on a few dozen systems in a small number of businesses. This new malware erases user data and partition information from associated drives.
ESET, a Slovak cybersecurity firm, named the third wiper “CaddyWiper,” which it first saw on March 14 at 9:38 a.m. UTC. The virus was compiled at 7:19 a.m. UTC, a little over two hours before it was deployed, according to metadata associated with the executable (“caddy.exe”).
CaddyWiper stands out from other … Read more
The post CaddyWiper Is A New Data-Erasing Malware That Targets Ukrainian Networks. appeared first ..read more
CyberWorkx
2y ago
Since last month (February 2022), a new form of a Brazilian virus has been affecting Internet users in Portugal. A study of the artefacts and IOCs gathered from this campaign shows no notable changes in skill when compared to other well-known trojans such as Maxtrilha, URSA and Javali.
The trojan has been disseminated via phishing templates impersonating tax services in Portugal.
An HTML file downloads a .lnk file masquerading as an MSI file that
… Read more
The post The Brazilian Virus, Which Affects Portuguese Users And Has The Same Capabilities As O ..read more
CyberWorkx
2y ago
Cylera Labs’ Pablo Rincón Crespo reported that, “Research evidence indicates identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline. The operators of Shamoon and Kwampirs have overlapping source code and techniques, indicating that they are the same group or really close collaborators.”
Symantec said in an April 2018 analysis that Orangeworm, first identified in January 2015, has also conducted targeted attacks against organisations in related industries as part of a larger supply-chain attack in order … Read more
The post New Evidence Connects ..read more
CyberWorkx
2y ago
SonarSource researcher Paul Gerste reported that, “This means that an attack cannot be launched directly against a developer machine from a remote location, and the developer must be duped into loading malformed files.”
Multiple security flaws in popular package managers have been disclosed, which could be used to run arbitrary code and access sensitive information, such as source code and access tokens from compromised machines.
Package managers are systems or a collection of tools used to automate the installation, upgrading and configuration … Read more