Security News

Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
2021-11-08 19:42

Three separate threat groups are all using a common initial access broker to enable their cyberattacks, according to researchers - a finding that has revealed a tangled web of related attack infrastructure underpinning disparate malware campaigns. The BlackBerry Research & Intelligence Team has found that the ransomware groups known as MountLocker and Phobos, as well as the StrongPity advanced persistent threat, have all partnered with an IAB threat actor that BlackBerry has dubbed Zebra2104.

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks
2021-10-25 19:16

The SolarWinds attackers - an advanced persistent threat known as Nobelium - have started a new wave of supply-chain intrusions, this time using the technology reseller/service provider community to attack their targets. "While the SolarWinds supply-chain attack involved malicious code inserted in legitimate software, most of this recent intrusion activity has involved leveraging stolen identities and the networks of technology solutions, services and reseller companies in North America and Europe to ultimately access the environments of organizations that are targeted by the Russian government."

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs
2021-10-20 13:28

An APT described as a "Lone wolf" is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets mobile devices with out-of-the-box RATs such as dcRAT and QuasarRAT for Windows and AndroidRAT. They're delivering the RATs in malicious documents by exploiting CVE-2017-11882, according to a report published Tuesday by Cisco Talos.

Fresh APT Harvester Reaps Telco, Government Data
2021-10-19 20:15

Harvester has invested in a range of tools for scything through organizations' defenses, Symantec found, including the "Graphon" custom backdoor. "We do not know the initial infection vector that Harvester used to compromise victim networks, but the first evidence we found of Harvester activity on victim machines was a malicious URL," according to Symantec's writeup.

Lyceum APT Returns, This Time Targeting Tunisian Firms
2021-10-19 17:16

The Lyceum threat group has resurfaced, this time with a weird variant of a remote-access trojan that doesn't have a way to talk to a command-and-control server and might instead be a new way to proxy traffic between internal network clusters. Kaspersky's Mark Lechtik - senior security researcher at the company's Global Research & Analysis Team - said in a Monday post that the team has identified a new cluster of Lyceum activity that's focused on two entities in Tunisia.

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries
2021-10-04 05:48

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. "The group compromised a subsidiary and penetrated the target company's network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method, the ChamelGang group was able to achieve its goal and steal data from the compromised network."

New APT ChamelGang Targets Russian Energy, Aviation Orgs
2021-10-01 12:36

Though the attackers have mainly been seen targeting Russian organizations, they have hit targets in 10 countries so far, according to a report by researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday. ChamelGang - like Nobelium and REvil before it - has hopped on the bandwagon of attacking the supply chain first to gain access to its ultimate target, they said.

Russian Turla APT Group Deploying New Backdoor on Targeted Systems
2021-09-27 21:14

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected.

A New APT Hacker Group Spying On Hotels and Governments Worldwide
2021-09-26 21:38

A new advanced persistent threat has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the Middle East, and the Americas, spanning several countries such as Burkina Faso, Taiwan, France, Lithuania, the U.K., Israel, Saudi Arabia, Brazil, Canada, and Guatemala.

FamousSparrow APT Wings in to Spy on Hotels, Governments
2021-09-23 14:08

A cyberespionage group dubbed "FamousSparrow" by researchers has taken flight, targeting hotels, governments and private organizations around the world with a custom backdoor called, appropriately, "SparrowDoor." It's one of the advanced persistent threats that targeted the ProxyLogon vulnerabilities earlier this year, according to ESET, though its activity has only recently come to light. According to the firm, the backdoor's malicious actions include the ability to: rename or delete files; create directories; shut down processes; send information such as file attributes, file size and file write time; exfiltrate the content of a specified file; write data to a specified file; or establish an interactive reverse shell.