Security News

Fake Kaseya VSA security update backdoors networks with Cobalt Strike
2021-07-07 12:50

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. Cobalt Strike is a legitimate penetration testing tool and threat emulation software that's also used by attackers for post-exploitation tasks and to deploy so-called beacons that allow them to gain remote access to compromised systems.

SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers
2021-06-26 03:28

The spies who backdoored SolarWinds' Orion software infiltrated Microsoft's support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant's customers, it was reported. Microsoft customers targeted by the support desk intruder have been alerted.

PYSA ransomware backdoors education orgs using ChaChi malware
2021-06-23 13:00

The PYSA ransomware gang has been using a remote access Trojan dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes. ChaChi is a custom Golang-based RAT developed in early 2020 and deployed by PYSA operators to access and control infected systems.

Microsoft: SEO poisoning used to backdoor targets with malware
2021-06-14 16:30

Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan capable of stealing the victims' sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker, a .NET RAT that runs in memory and is used by attackers to drop other payloads on infected devices.

Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign
2021-06-07 18:49

Researchers said the novel backdoor has been in development by a Chinese APT for at least three years. A multi-stage chain eventually results in the installation of the backdoor module, which is called "Victory." It "appears to be a custom and unique malware," according to Check Point.

New Kubernetes malware backdoors clusters via Windows containers
2021-06-07 10:51

New malware that has been active for more than a year is compromising Windows containers to break into Kubernetes clusters, with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities. Kubernetes organizes app containers into pods, nodes, and clusters, with multiple nodes forming clusters managed by a master which coordinates cluster-related tasks such as scaling or updating apps.

Chinese Hackers Using Previously Unknown Backdoor
2021-06-03 12:39

A previously unknown Windows backdoor enables remote access and the collection of considerable live data - but only during Chinese working hours. Researchers from Check Point Research report that opening the attachment starts a chain of in-memory loaders leading to the delivery of the previously unknown backdoor.

SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor
2021-06-01 21:59

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. Some of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in Europe, the Ukrainian Anti-Corruption Action Center, the EU DisinfoLab, and the Government of Ireland's Department of Foreign Affairs. The attacks leveraged a legitimate mass-mailing service called Constant Contact to conceal their malicious activity and masquerade as USAID, a U.S.-based development organization, in a wide-scale phishing campaign that distributed phishing emails to a variety of organizations and industry verticals.

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits
2021-05-29 01:17

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by the Qihoo 360 NETLAB team owing to its ability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications with the attacker-controlled server.

QNAP confirms Qlocker ransomware used HBS backdoor account
2021-05-21 15:27

QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage devices. "The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3," the Taiwan-based NAS appliance maker said in a security advisory issued today.