Security News

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
2023-09-27 14:42

A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS...

Signal Will Leave the UK Rather Than Add a Backdoor
2023-09-26 11:15

Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country's recently passed Online Safety Bill forced Signal to build "backdoors" into its end-to-end encryption. "We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving," Whittaker said.

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
2023-09-23 11:10

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign....

‘Sandman’ hackers backdoor telcos with new LuaDream malware
2023-09-21 19:50

A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream'. Sandman has been seen deploying a new modular malware named 'LuaDream' in attacks using DLL hijacking on targeted systems.

Telecom firms hit with novel backdoors disguised as security software
2023-09-21 12:28

Researchers have unearthed new backdoors leveraged to maintain long-term access in the networks of telecom firms in the Middle East. HTTPSnoop and PipeSnoop - as the two implants have been dubbed by Cisco Talos researchers - have been disguised as components of Palo Alto Networks' Cortex XDR solution.

Hackers backdoor telecom providers with new HTTPSnoop malware
2023-09-19 15:14

New malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat actors to remotely execute commands on infected devices. The HTTPSnoop malware interfaces with Windows HTTP kernel drivers and devices to execute content on the infected endpoint based on specific HTTP(S) URLs, and PipeSnoop accepts and executes arbitrary shellcode from a named pipe.

ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies
2023-09-19 12:35

Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the infected endpoint," Cisco Talos said in a report shared with The Hacker News.

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
2023-09-19 11:10

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, and North America. Active since 2021, the group has relied on spear-phishing and watering hole attacks to pull off its cyber espionage schemes.

Iranian hackers backdoor 34 orgs with new Sponsor malware
2023-09-11 16:19

A nation-state threat actor known as 'Charming Kitten' has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. One of the notable features of the Sponsor backdoor is that it hides its otherwise innocuous configuration files on the victim's disk so they can be discreetly deployed by malicious batch scripts, successfully evading detection.

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.
2023-09-11 13:24

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. "The Sponsor backdoor uses configuration files stored on disk," ESET researcher Adam Burgher said in a new report published today.