Security News
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August earlier this year.
A new type of campaign that involves cyber espionage is the latest example of a cybercrime being perpetrated by people for hire. In its new report "The CostaRicto Campaign: Cyber-Espionage Outsourced," BlackBerry describes the actions of a malicious campaign carried out by freelance mercenaries.
The advanced persistent threat known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla is a cyber-espionage group that's been around for more than a decade.
Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. Aiming to help organizations mitigate innovation theft and supply-chain vulnerabilities, Strider offers a platform suitable not only for corporations, but also for government agencies and research institutions looking to identify, assess, and remediate state-sponsored economic espionage.
The campaign's starting point is an email with an embedded malicious attachment - either in the form of a ZIP file containing an LNK file or a Microsoft Word document - that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw, a 20-year old memory corruption issue in Microsoft Office, which, when exploited successfully, let attackers execute remote code on a vulnerable machine even without user interaction. What's more, the LNK files have a double extension and come with document icons, thereby tricking an unsuspecting victim into opening the file.
Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts - one for Windows and the other for Android - using a wide arsenal of intrusion tools in the form of info stealers and backdoors designed to steal personal documents, passwords, Telegram messages, and two-factor authentication codes from SMS messages.
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today.
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today.
According to a Thursday advisory by the National Security Agency and the Federal Bureau of Investigation, the malware especially represents a threat to national security systems such as the Department of Defense and Defense Industrial Base customers that use Linux systems. "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control server," according to a 45-page deep-dive analysis of the malware published Thursday [PDF] by the FBI and NSA. "When deployed on a victim machine, the Drovorub implant provides the capability for direct communications with actor controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network."