The FBI and CISA released a joint advisory stating that a Federal Civilian Executive Branch (FCEB) organization was compromised by an Iranian-linked APT group that exploited the well-known Log4Shell vulnerability and installed cryptomining malware. The government's investigation found that the attackers installed the XMRig crypto miner and moved laterally across the network. On … Continue reading US FEDERAL NETWORK HACKED BY IRANIAN HACKERS.
Category: Malware
Researchers from Symantec have identified a state-sponsored hacking campaign targeting multiple organisations in Asian countries, including certificate authorities and government agencies. The APT group, named "Billbug", has been active since at least 2009 and has resurfaced with the primary motive of conducting espionage and stealing sensitive data. "The targeting of a certificate … Continue reading STATE SPONSORED APT GROUP TARGETS ORGANISATIONS FROM MULTIPLE ASIAN COUNTRIES.
Tiago Pereira and Caitlin Huey of Cisco Talos reported that "BlackCat appears to be a case of vertical business expansion. In essence, it's a way to gain control of the upstream supply chain by making a key service to their business (the RaaS operator) better suited to their needs and adding another source of revenue." … Continue reading Experts Track Down Some BlackMatter Affiliates Spreading BlackCat Ransomware.
TAG researcher Vlad Stolyarov reported that "Initial access brokers are the opportunistic locksmiths of the security world. These groups specialise in breaching a target in order to provide the malicious actor with access to the doors or the windows." TAG has discovered a new initial access broker that it claims is closely associated with a … Continue reading Google Discovers A ‘Initial Access Broker’ Cooperating With The Conti Ransomware Gang.
According to Microsoft's Defender for IoT Research Team and Threat Intelligence Center (MSTIC), "TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems by using MikroTik routers as proxy servers for its C2 servers and redirecting traffic through non-standard ports." Microsoft stated on Wednesday that the TrickBot virus uses … Continue reading Hacked IoT Devices Are Used As Command- And Control Servers By The TrickBot Malware.