Security News > 2023 > July > Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware.
The TrueBot malware, linked with cybercriminal collectives Silence and FIN11, is deployed to siphon off data and disseminate ransomware, jeopardising the safety of numerous infiltrated networks.
These beacons facilitate post-exploitation tasks, including stealing data and installing ransomware or different malware payloads.
While previous versions of the TrueBot malware were typically spread through malicious email attachments, the updated versions leverage the CVE-2022-31199 vulnerability to gain initial access.
The advisory does not provide specific information about the victims or the number of organizations affected by the TrueBot attacks.
The report also underlines the participation of the Raspberry Robin malware in these TrueBot attacks, as well as other post-compromise malware like IcedID and Bumblebee.
News URL
https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- Quick Glossary: Cybersecurity Attack Response and Mitigation (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- The Biggest Takeaways from Recent Malware Attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-08 | CVE-2022-31199 | Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8 Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. | 9.8 |