New ‘SessionManager’ Backdoor Targeting Microsoft IIS Servers in the Wild

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a […]

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include organizations […]

New Linux Rootkit Malware ‘Syslogk’ Triggers Backdoors With Magic Packets

In order to conceal malicious processes, a new Linux rootkit dubbed ‘Syslogk’ has been compromising computers by using specially crafted “magic packets” and specially crafted exploits to wake up a backdoor hidden on the machine. The new malware was discovered by researchers at the antivirus firm Avast. Based on an open-source […]

Chinese Hackers Install Backdoors in iOS/Android Web3 Wallets

A highly sophisticated threat actor has been observed targeting Android and iOS users in an attempt to spread backdoored apps filled with malicious code designed to drain users’ funds. Digital advertising security company Confiant has uncovered and reported on this previously unreported campaign, which it has dubbed SeaFlower. This malicious campaign is replicated from websites […]

The new version of Hello XD ransomware, developed by Russian hackers, becomes undetectable by using a backdoor

Information security specialists reported a notable increase in activity related to the Hello XD ransomware, which has been updated to add much stronger encryption than in its previous versions. This malware variant was first identified in late 2021, apparently developed from the leaked code of the Babuk ransomware and linked to multiple double extortion campaigns. […]

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. Said to be first discovered in March 2022, the cluster of activity “hint[s] to a strong relationship with a […]

HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. “Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through […]

8 critical vulnerabilities in GitLab would allow hackers to install backdoors in your code

In its most recent security release, GitLab announced the release of GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions 15.01, 14.9.4, and 14.9.5. These updates contain important security fixes, so users of previous deployments are encouraged to apply them as soon as possible to prevent malicious activity. According to the report, GitLab fixed […]

Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. “The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch,” AhnLab Security Emergency Response Center (ASEC) said […]

New Saitama Backdoor Targeted Official from Jordan’s Foreign Ministry

A spear-phishing campaign targeting Jordan’s foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. “Like many of these attacks, the email […]

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that’s offered on sale for “dirt cheap” prices, making it accessible to professional cybercriminal groups and novice actors alike. “Unlike the well-funded, massive Russian threat groups crafting custom malware […], this remote access Trojan (RAT) appears to be […]

2 critical vulnerabilities in the Linux operating system allow backdoors to be installed with root privileges

A Microsoft security report details the finding of a set of vulnerabilities that would allow threat actors to escalate privileges on Linux systems in order to inject ransomware, backdoors, and other severe threats. The flaws were identified as Nimbuspwn, and their exploitation would grant root privileges on compromised systems. Nimbuspwn refers to the […]

North Korean Hackers Target Journalists with GOLDBACKDOOR Malware

A spear-phishing campaign targeting journalists covering the Democratic People’s Republic of Korea (DPRK) has been attributed to a state-backed threat actor with ties to the country, with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel […]

Iranian Hackers Exploiting VMware RCE Bug to Deploy ‘Core Impact’ Backdoor

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE […]

TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang’s AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail “uses an […]

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly […]

Hackers Backdoored Systems at China’s National Games Just Before Competition

Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group. Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server 12 days prior to the start of the event on September 3 to drop multiple reverse web […]