Security News

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea
2024-02-08 06:53

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH,...

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz
2024-01-30 13:45

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and...

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor
2024-01-22 16:47

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft...

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software
2024-01-19 12:48

Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control of infected machines. "These applications are being hosted on...

Google TAG: Kremlin cyber spies move into malware with a custom backdoor
2024-01-18 14:00

Russian cyberspies linked to the Kremlin's Federal Security Service are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google's Threat Analysis Group. "TAG has observed SPICA being used as early as September 2023, but believe that COLDRIVER's use of the backdoor goes back to at least November 2022," the Chocolate Factory's threat hunting team said in an analysis published today.

Google: Russian FSB hackers deploy new Spica backdoor malware
2024-01-18 14:00

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. "COLDRIVER presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted," Google TAG said.

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers
2024-01-05 15:35

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors....

Iranian cyberspies target US defense orgs with a brand new backdoor
2023-12-23 12:47

Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft. "We identified APT33 malware tied to an Iranian persona who may have been employed by the Iranian government to conduct cyber threat activity against its adversaries," the threat hunters said in an alert updated in October.

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector
2023-12-22 05:34

Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont....

NKabuse backdoor harnesses blockchain brawn to hit several architectures
2023-12-15 14:28

Dubbed "NKAbuse" by the researchers, the Go-based backdoor offers criminal attackers a range of possibilities, including being able to DDoS or fling remote access trojans, and leans on NKN for more anonymous yet reliable data exchange. NKN is an open source protocol that lets users perform a peer-to-peer data exchange over a public blockchain - like a cross between a traditional blockchain and the Tor network.