Security News

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
2020-12-02 18:06

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners
2020-12-01 00:54

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August earlier this year.

Hackers for hire target victims with cyber espionage campaign
2020-11-12 20:09

A new type of campaign that involves cyber espionage is the latest example of a cybercrime being perpetrated by people for hire. In its new report "The CostaRicto Campaign: Cyber-Espionage Outsourced," BlackBerry describes the actions of a malicious campaign carried out by freelance mercenaries.

Russian Espionage Group Updates Custom Malware Suite
2020-10-28 17:14

The advanced persistent threat known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla is a cyber-espionage group that's been around for more than a decade.

Cyber Espionage Detection Firm Strider Technologies Raises $10 Million
2020-10-27 13:38

Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. Aiming to help organizations mitigate innovation theft and supply-chain vulnerabilities, Strider offers a platform suitable not only for corporations, but also for government agencies and research institutions looking to identify, assess, and remediate state-sponsored economic espionage.

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
2020-09-30 08:00

The campaign's starting point is an email with an embedded malicious attachment - either in the form of a ZIP file containing an LNK file or a Microsoft Word document - that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw, a 20-year old memory corruption issue in Microsoft Office, which, when exploited successfully, let attackers execute remote code on a vulnerable machine even without user interaction. What's more, the LNK files have a double extension and come with document icons, thereby tricking an unsuspecting victim into opening the file.

Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
2020-09-19 04:24

Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts - one for Windows and the other for Android - using a wide arsenal of intrusion tools in the form of info stealers and backdoors designed to steal personal documents, passwords, Telegram messages, and two-factor authentication codes from SMS messages.

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
2020-08-26 09:33

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today.

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
2020-08-26 09:09

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. "The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," Bitdefender researchers said in a report released today.

NSA, FBI Warn of Linux Malware Used in Espionage Attacks
2020-08-13 22:03

According to a Thursday advisory by the National Security Agency and the Federal Bureau of Investigation, the malware especially represents a threat to national security systems such as the Department of Defense and Defense Industrial Base customers that use Linux systems. "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control server," according to a 45-page deep-dive analysis of the malware published Thursday [PDF] by the FBI and NSA. "When deployed on a victim machine, the Drovorub implant provides the capability for direct communications with actor controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network."