Security News

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
2021-09-21 16:02

The Turla advanced persistent threat group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they've spotted infections they attributed to the Turla group - a Russian-speaking APT. Those attacks are "Likely" using a stealthy, "Second-chance" backdoor to maintain access to infected devices, they noted.

Russian state hackers use new TinyTurla malware as secondary backdoor
2021-09-21 15:54

Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. Named TinyTurla due to its limited functionality and uncomplicated coding style, the backdoor could also be used as a stealthy second-stage malware dropper.

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
2021-09-09 14:30

The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that's been around for quite a while: namely, China-linked Grayfly espionage group. According to a report published by Symantec on Thursday, the SideWalk malware has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US and Mexico.

More Detail on the Juniper Hack and the NSA PRNG Backdoor
2021-09-09 11:13

We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor
2021-09-06 03:16

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale service provider located in the U.S. The attacks, which are believed to have taken place between late June to late July 2021, have been attributed with "Moderate confidence" to a financially motivated threat actor dubbed FIN7, according to researchers from cybersecurity firm Anomali. "The group's goal appears to have been to deliver a variation of a JavaScript backdoor used by FIN7 since at least 2018.".

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions
2021-08-30 20:12

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.

FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
2021-08-27 17:32

The financially motivated FIN8 cybergang used a brand-new backdoor - dubbed Sardonic by the Bitdender researchers who first spotted it - in attempted breaches of networks belonging to two unidentified U.S. financial organizations. It's a nimble newcomer, researchers wrote: "The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," according to Bitdefender's report.

ProxyLogon flaw, evil emails, SQL injections used to open backdoors on Windows boxes
2021-08-25 19:50

ESET and TrendMicro have identified a novel and sophisticated backdoor tool that miscreants have slipped onto compromised Windows computers in companies mostly in Asia but also in North America. TrendMicro's researchers speculate that the design of the malware indicates that at least one member of the group is familiar with the tools and techniques of security red teams while the SideWalk/ScrambleCross backdoor suggests personnel with deep knowledge of low-level programming and advanced software development.

FIN8 cybercrime gang backdoors US orgs with new Sardonic malware
2021-08-25 13:00

A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic by Bitdefender researchers who first spotted it. Sardonic is a new C++-based backdoor the FIN8 threat actors deployed on targets' systems likely via social engineering or spear-phishing, two of the group's favorite attack methods.

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions
2021-08-25 06:02

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.