Security News

Daxin Espionage Backdoor Ups the Ante on Chinese Malware
2022-03-01 17:55

The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. "Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control functionality that enabled remote actors to communicate with secured devices not connected directly to the internet," warned CISA, in a Monday alert.

China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
2022-03-01 00:01

A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China.

US winds up national security team dedicated to Chinese espionage
2022-02-24 05:05

The United States' National Security Division will wind up its "China Initiative" - an effort to combat what then-attorney general Jeff Sessions described in 2018 as "Systematic and calculated threats" posed by Beijing-backed economic espionage. "We have heard concerns from the civil rights community that the 'China Initiative' fueled a narrative of intolerance and bias," Olsen stated in a speech delivered at the National Security Institute and George Mason University.

Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
2022-02-17 19:19

The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan called "StrifeWater" that masquerades as the Windows Calculator app to evade detection.

Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign
2022-02-09 04:51

An advanced persistent threat group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks - code named Out to Sea - to a threat actor called OilRig, while also conclusively connecting its activities to a second Iranian group tracked under the name Lyceum.

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
2022-02-01 02:28

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten, while also calling out the backdoor's evasive PowerShell execution.

Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers
2022-02-01 01:11

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon, a cyber-espionage collective known to be active since at least 2013.

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure
2022-01-22 06:21

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information security company Zscaler, continuing previous efforts by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information.

Cyber espionage campaign targets renewable energy companies
2022-01-17 16:38

A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations have been discovered to be active since at least 2019, targeting over fifteen entities worldwide. The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT techniques like DNS scans and public sandbox submissions.

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users
2022-01-12 20:13

A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein noted in a technical write-up publicizing their findings.