
Iranian Hackers Use A Log4j Vulnerability To Install A Backdoor In PowerShell.

Check Point researchers reported that “The actor’s attack setup was fast, as they employed a basic open-source tool for exploitation and built their activities on existing infrastructure, making the attack easy to detect and attribute.”

The attackers employed one of the publicly accessible open-source JNDI Exploit Kits to exploit the Log4j vulnerability (CVE-2021-44228), which has since been deleted from GitHub due to its great popularity following the vulnerability’s discovery. We will omit the details of the actual exploitation phase because …


Botnet Abcbot Linked To The Xanthe Cryptomining Malware Operators.

Abcbot attacks, first reported by Qihoo 360’s Netlab security team in November 2021, begin with a malicious shell script that targets insecure cloud instances hosted by providers such as Huawei, Tencent, Baidu, and Alibaba Cloud. The script downloads malware that enlists the machine in a botnet, but only after terminating processes belonging to competing threat actors and establishing persistence.

Cado Security has issued an analysis stating, “Our ongoing investigation into this malware family uncovers a clear relationship to Cisco’s …


Researchers Identified That APT Hackers Infected Their Own Infrastructure In Recent Malware Attacks.

Malwarebytes Threat Intelligence Team reported that, “Ironically, all of the information we gathered was made possible by the threat actor infecting themselves with their own [remote access trojan], which resulted in captured keystrokes and screenshots of their own computer and virtual machines.”

Pakistan’s Ministry of Defense, National Defence University of Islamabad, Faculty of Bio-Sciences at UVAS Lahore, International Center for Chemical and Biological Sciences (ICCBS), H.E.J. Research Institute of Chemistry, and Salim Habib University (SBU) are among the major victims.


The FluBot Malware Is Still Developing. What Is New In Version 5.0 And Later?

F5 security researchers have issued a warning about a new, enhanced version of the FluBot Android malware, which spreads under the guise of Flash Player. A recent FluBot smishing campaign discovered by CSIRT KNF targeted Polish users with a message asking them to click on a link to view a video. When recipients click on the link, they are redirected to a page that offers a fake Flash Player APK, which installs the FluBot malware on their Android device.

In …


North Korean Hackers Begin The New Year By Attacking Russia’s Foreign Ministry.

Lumen Technologies Black Lotus Labs researchers reported that, “This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks.”

A North Korean cyberespionage group known as Konni has been linked to a series of targeted attacks on the Russian Federation’s Ministry of Foreign Affairs (MID) that used New Year’s lures to compromise Windows systems with malware.

The Konni group’s tactics, techniques, and procedures (TTPs) are known to overlap with threat actors …


Microsoft Signature Verification Is Being Used In A New Zloader Banking Malware Campaign.

Check Point’s Golan Cohen reported that, “The techniques incorporated in the infection chain include the use of legitimate remote management software (RMM) to gain initial access to the target machine. The malware then uses Microsoft’s digital signature verification method to inject its payload into a signed system DLL, allowing it to evade the system’s defences even further.”

An ongoing ZLoader malware campaign has been discovered, stealing user credentials and sensitive information by exploiting remote monitoring tools and a …