Security News

North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. In the new campaign, Kaspersky has seen DTrack distributed using filenames commonly associated with legitimate executables.

The Russia-linked APT29 nation-state actor has been found leveraging a "Lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows outside of it, and store the information locally. "Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the U.S. remote access to TikTok European user data," the company said.

Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement.

Akamai says it has absorbed the largest-ever publicly known distributed denial of service attack - an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second. For comparison, the July attack peaked at 659.6 Mpps with the organization coming under attack 75 times at its primary data center.

The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country. Creos' owner, Encevo, who operates as an energy supplier in five EU countries, announced on July 25 that they had suffered a cyberattack the previous weekend, between July 22 and 23.

The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. The disclosure comes as a special inquiry committee was launched in April 2022 to investigate alleged breaches of E.U. law following revelations that the company's Pegasus spyware is being used to snoop on phones belonging to politicians, diplomats, and civil society members.

The Chinese hacking group known as 'Winnti' has been stealthily stealing intellectual property assets like patents, copyrights, trademarks, and other corporate data - all while remaining undetected by researchers and targets since 2019. Winnti establishes persistence via an encoded WebShell, by abusing the WinRM protocol for remote access, the IKEEXT and PrintNotify Windows services for DLL side-loading, or by loading a signed kernel rootkit.

Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report. European Justice Commissioner Didier Reynders and at least four commission staffers were targeted, according to the news outlet, citing two EU officials and documentation.

A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week. One of these crews is Coldriver, which the Google team refer to as "a Russian-based threat actor." According to Leonard, Google hasn't seen attackers successfully compromise any Gmail accounts in its phishing campaigns.