Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor

A Chinese advanced persistent threat (APT) group has been targeting Taiwanese financial institutions as part of a “persistent campaign” that lasted for at least 18 months. The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a […]

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the […]

Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks

A previously undocumented cyber-espionage malware aimed at Apple’s macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with “strong technical capabilities,” calling out the campaign’s overlaps to that of a […]

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed “CharmPower” for follow-on post-exploitation. “The actor’s attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations on previous […]

New SysJoker backdoor attacks Windows, Linux, and macOS devices

Cybersecurity specialists from Intezer reported the detection of a new cross-platform malware variant capable of infecting Windows, macOS and Linux systems. Dubbed SysJoker, the malware is highly evasive, and even VirusTotal has trouble identifying its Linux and Mac iterations. This malware variant was first identified in mid-2021 during a cyberattack targeting a Linux-based […]

Avast found backdoor in US Federal Agency Network

Avast Threat Intelligence Team stated that it tried to notify the agency about the intrusion but didn’t receive any favorable response, which is why it decided to disclose its findings. Czech security firm Avast reported that a backdoor was identified in a US federal agency’s network, the United States Commission on International Religious Freedom (USCIRF). […]

Two backdoors detected in Auerswald VoIP system

The backdoors were detected during penetration testing by RedTeam Pentesting GmbH. On December 20th, it was reported that a backdoor was found in the network of a US Federal Agency. Now, RedTeam Pentesting researchers have identified multiple backdoors in a commonly used VoIP (voice over Internet protocol) appliance made by the German telecom hardware manufacturer […]

Experts Discover Backdoor Deployed on the U.S. Federal Agency’s Network

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a “classic APT-type operation.” “This attack could have given total visibility of the network and complete control of a system and thus could be used as the first […]

Malvertising attack distributes malicious Chrome extensions, backdoors

Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield, and NoxPlayer, to lure users into downloading an undocumented, malicious Google Chrome extension and a […]

How to perform digital forensics of malicious PDF files? Easily checking if a PDF document has malware or backdoors

The PDF format has become one of the most popular ways to view files, as this format is compatible with all kinds of technological devices, including desktop computers, laptops, electronic tablets and smartphones. Because of this universal presence, threat actors began using these documents to deliver malware and easily deploy other attack variants. This time, […]

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well […]

Researchers find 11 malicious Python packages in the PyPI repository that can steal access tokens, passwords and create backdoors

Security specialists from the firm JFrog report the discovery of 11 malicious Python packages in the Python Package Index (PyPI) repository, apparently designed for the theft of access tokens to platforms such as Discord, in addition to intercepting passwords and deploying dependency confusion attacks. The list of malicious packages detected in this research is shown […]

BazarLoader Windows Malware Lets Hackers Gain Backdoor Access & Perform Network Reconnaissance

A BazarLoader Windows malware campaign was recently detected by the security firm Unit 42 of Palo Alto Networks; the campaign was hosting one of its malicious files on Microsoft’s OneDrive service. This BazarLoader Windows malware gives the threat actors backdoor access and network reconnaissance. After the revelation of this incident, a former senior threat intelligence analyst of […]

Two critical vulnerabilities affect millions of FreeRDP servers. Patch them before someone installs a backdoor

Cybersecurity specialists report the detection of two severe vulnerabilities in the popular FreeRDP programming language. According to the report, successful exploitation of these flaws would allow threat actors to seriously compromise affected systems. Below are brief descriptions of the reported flaws, in addition to their respective tracking keys and scores assigned under the Common Vulnerability […]

FontOnLake: a killer backdoor cocktail with a rootkit for Linux

Cybersecurity specialists report the detection of a new malware family that hides in legitimate binaries to infect Linux systems. Identified as FontOnLake, this set of malicious tools combines rootkit and backdoor capabilities and is able to establish persistence on affected systems. According to ESET researchers, this malware family has various modules that […]

New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack

Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year’s SolarWinds supply chain attack, joining the threat actor’s ever-expanding arsenal of hacking tools. Moscow-headquartered firm Kaspersky codenamed the malware “Tomiris,” calling out its similarities to another second-stage malware used during the campaign, […]

Microsoft warns of Nobelium hackers using FoggyWeb backdoor

Microsoft has warned of a new FoggyWeb backdoor being used by Nobelium, the same state-sponsored hacking group believed to be responsible for SolarWinds supply-chain attacks. According to Microsoft, the notorious attacker group Nobelium is using a never-before-seen post-exploitation backdoor that can steal sensitive data from a compromised AD FS (Active Directory Federation Services) server. What […]

New FoggyWeb Malware Attacks & Installs a Backdoor on Active Directory FS Servers

Researchers from Microsoft uncovered a new malware from the NOBELIUM APT threat group named FoggyWeb that establishes a persistent backdoor on Active Directory Federation Services (AD FS) servers. NOBELIUM is an infamous APT threat group that is behind various malware attacks such as the SUNBURST backdoor, TEARDROP malware, GoldMax, GoldFinder, and Sibot. FoggyWeb is a newly […]

Russian Turla APT Group Deploying New Backdoor on Targeted Systems

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware “TinyTurla” for its limited functionality and efficient coding style that allows it to […]

FIN8 Resurfaces with New Sardonic Backdoor

According to researchers, in its latest attack, FIN8 is infiltrating companies to carry out surveillance and obtain privilege escalation to deploy a payload of malware called Sardonic. In its latest report, Bitdefender Labs experts revealed that the financially motivated group FIN8 has resurfaced with brand new malware dubbed Sardonic. After a brief hiatus, the group is […]