Security News

A malware-as-a-service dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. "If we look historically, BelialDemon has been involved in the development of malware loaders," Unit 42 researchers Jeff White and Kyle Wilhoit noted in a June 2021 report.

The Ukrainian Computer Emergency Response Team is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The RTF document used in the APT28 campaign attempts to exploit CVE-2022-30190, aka "Follina," to download and launch the CredoMap malware on a target's device.

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.

A threat actor known as 'Blue Mockingbird' targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The flaw leveraged by the attacker is CVE-2019-18935, a critical severity deserialization that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. The same threat actor was seen targeting vulnerable Microsoft IIS servers that used Telerik UI in May 2020, by which time a year had passed since security updates were made available by the vendor.

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks' threat intelligence team. For the espionage strikes, Cobalt Mirage pulls off targeted intrusions to gain access and collect intelligence, though the snoops appear to be experimenting with ransomware here as well, the threat hunters wrote.

A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.

Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails are sent to Ukrainian state bodies and propose downloading "Critical security updates," which come in the form of a 60 MB file named "BitdefenderWindowsUpdatePackage.exe."