Security News

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
2020-08-26 09:33

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today.

CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets
2020-08-13 20:23

The China-based APT known as CactusPete has returned with a new campaign aimed at military and financial targets in Eastern Europe, which is a new geography for the group's victimology, according to researchers. CactusPete is a Chinese-speaking APT group that has been publicly known since at least 2013, according to the blog post.

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs
2020-08-05 22:32

A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. Finally, the sixth item is the Linux XOR DDoS botnet, which is the largest known Linux botnet, first coming to notice in 2015.

Lazarus Group Brings APT Tactics to Ransomware
2020-07-28 21:20

"Whenever a successful connection was made, a network share was mounted, and the VHD ransomware was copied and executed through WMI calls. This stood out to us as an uncharacteristic technique for cybercrime groups; instead, it reminded us of the APT campaigns Sony SPE, Shamoon and OlympicDestroyer, three previous wipers with worming capabilities." The VHD ransomware is written in C++ and encrypts files on all connected disks, the analysis determined.

OilRig APT Drills into Malware Innovation with Unique Backdoor
2020-07-22 21:14

The backdoor first debuted as a proprietary OilRig weapon in 2017 and has gone through several updates since then, the firm noted, adding that timestamps indicate that OilRig added the steganography trick to RDAT's profile as far back as 2018. "To send emails from the compromised host, the payload uses the email associated with the account logged into the compromised host, as it uses the WinHTTP library to make requests to the API, which automatically attempts to log onto Exchange using the default credentials," according to the report.

Companies with poor privacy practices are 80% more apt to suffer data breach
2020-07-21 10:00

There's a direct correlation between a company's poor privacy practices and the likelihood of a data breach, according to a report from the data privacy platform Osano, The Osano Data Privacy and Data Breach Link. Businesses with poor privacy practices are 80% more apt to experience a data breach.

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
2020-06-30 17:45

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The sheer variety of the trojanized applications on offer in the latest campaign is a method aimed at casting a wide net in terms of victims' interests, according to researchers at Bitdefender in a report released Tuesday.

US Cyber Command: Foreign APTs Likely to Exploit New Palo Alto Networks Flaw
2020-06-30 10:50

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. "When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails
2020-06-04 20:10

With the U.S. presidential election months away, advanced persistent threat groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. A China-linked APT group targeted Biden's campaign staff, while an Iran-linked APT targeted Trump's.