Security News

The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM's X-Force threat intelligence team. Last year, the group accidentally exposed approximately 40 GB of videos and other content associated with its operations, including training videos on how to exfiltrate data from online accounts, and clips detailing the successful compromise of certain targets.

Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.

Half of publicly reported supply chain attacks were carried out by "Well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults need to drive "New protective methods." Juhan Lepassaar, ENISA's exec director, said in a canned statement: "Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once. With good practices and coordinated actions at EU level, Member States will be able to reach a similar level of capabilities raising the common level of cybersecurity in the EU.".

Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. According to eSentire's Threat Response Unit, the successful breach for FIN7 was part of a wider, non-targeted email campaign.

The author of a popular software-defined radio project has removed a "Backdoor" from radio devices that granted root-level access. The backdoor had been, according to the author, present in all versions of KiwiSDR devices for the purposes of remote administration and debugging.

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. Cobalt Strike is a legitimate penetration testing tool and threat emulation software that's also used by attackers for post-exploitation tasks and to deploy so-called beacons that allow them to gain remote access to compromised systems.

The spies who backdoored SolarWinds' Orion software infiltrated Microsoft's support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant's customers, it was reported. Microsoft customers targeted by the support desk intruder have been alerted.

The PYSA ransomware gang has been using a remote access Trojan dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes. ChaChi is a custom Golang-based RAT malware developed in early 2020 deployed by PYSA operators to access and control infected systems.

Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan capable of stealing the victims' sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker, a.NET RAT that runs in memory and is used by attackers to drop other payloads on infected devices.

Researchers said, is the novel backdoor, which they said has been in development by a Chinese APT for at least three years. A multi-stage chain eventually results in the installation of the backdoor module, which is called "Victory." It "Appears to be a custom and unique malware," according to Check Point.