Browsing tag: backdoor

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code execution. It was addressed by the […]

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Red Hat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It […]

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET said in a new report shared […]

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that’s designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits “strong overlaps” with a hacking crew known […]

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps. “The initial attack phase involves infiltrating Internet-facing Microsoft Exchange […]

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. “Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects,” ESET researcher Alexandre Côté Cyr said in […]

Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom’s Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup […]

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorus, APT35, or TA453), while also calling out the […]

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed “CharmPower” for follow-on post-exploitation. “The actor’s attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations on previous […]

Avast found backdoor in US Federal Agency Network

Czech security firm Avast reported that a backdoor was identified in the network of a US federal agency, the United States Commission on International Religious Freedom (USCIRF). The Avast Threat Intelligence Team stated that it tried to notify the agency about the intrusion but did not receive any favorable response, which is why it decided to disclose its findings. […]

Two backdoors detected in Auerswald VoIP system

The backdoors were detected during penetration testing by RedTeam Pentesting GmbH. On December 20th, it was reported that a backdoor had been found in the network of a US federal agency. Now, RedTeam Pentesting researchers have identified multiple backdoors in a commonly used VoIP (voice over Internet protocol) appliance made by the German telecom hardware manufacturer […]

Experts Discover Backdoor Deployed on the U.S. Federal Agency’s Network

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a “classic APT-type operation.” “This attack could have given total visibility of the network and complete control of a system and thus could be used as the first […]

Malvertising attack distributes malicious Chrome extensions, backdoors

Researchers believe that the campaign has been active since 2018 and that the malware has been under constant development since then. Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield, and NoxPlayer, to lure users into downloading an undocumented, malicious Google Chrome extension and a […]

New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices

A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360’s Netlab network security division, which detected the botnet first on October 27, 2021, called it […]

Microsoft warns of Nobelium hackers using FoggyWeb backdoor

Microsoft has warned of a new FoggyWeb backdoor being used by Nobelium, the same state-sponsored hacking group believed to be responsible for the SolarWinds supply-chain attack. According to Microsoft, Nobelium is using a never-before-seen post-exploitation backdoor that can steal sensitive data from a compromised AD FS (Active Directory Federation Services) server. What […]

Malware droppers for hire targeting users on fake pirated software sites

Some fake piracy websites have also been found distributing the CryptBot and Raccoon Stealer malware in cracked software. SophosLabs security researchers have published a report on the emerging threat of droppers-as-a-service. According to their research, droppers for hire are installing unwanted content and malware on the devices of users who download cracked versions of popular […]

New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems

According to the researchers, the PRISM backdoor has been on their radar for more than 3.5 years. Security researchers at AT&T Labs have published a report detailing a newly discovered cluster of Linux ELF executables with zero or low antivirus detection rates on VirusTotal. The researchers noted that these executables carry a modified version of the open-source backdoor […]

Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed “Sardonic” by Romanian cybersecurity […]

New SideWalk Backdoor Targets U.S.-based Computer Retail Business

A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia. Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat […]

New Chinese Malware Targeted Russia’s Largest Nuclear Submarine Designer

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous “Royal Road” […]

Stealthy RotaJakiro backdoor malware targeting Linux for 3 years

Qihoo 360's Network Security Research Lab (360 NetLab) has discovered a new Linux malware with extensive backdoor capabilities that went unnoticed for three years. The malware, dubbed RotaJakiro, allows attackers to steal and exfiltrate sensitive system data from compromised devices. […]