Security News
State-sponsored North Korean hacker group Kimsuky has been impersonating journalists and academics in spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. Kimsuky hackers meticulously plan and execute their spear-phishing attacks by using email addresses that closely resemble those of real individuals and by crafting convincing, realistic content in their communications with the target.
The Register's Kettle: If there's one thing that's more all the rage these days than this AI hype, it's warrantless spying by the Feds. As we reported this week, the FBI abused its foreign surveillance powers in a "persistent and widespread" manner to probe protesters, political campaign donors, and others, according to a court opinion.
A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, published by the Cybersecurity and Infrastructure Security Agency, is warning organizations of the latest tactics, techniques, and procedures used by the BianLian ransomware group. BianLian is a ransomware and data extortion group that has been targeting entities in U.S. and Australian critical infrastructure since June 2022.
The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks. "In early May 2023, according to FBI information, the Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," reads the security advisory.
Reuters is reporting that the FBI "had identified and disabled malware wielded by Russia's FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia's leading cyber spying programs." The headline says that the FBI "sabotaged" the malware, which seems to be wrong.
The FBI has cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades. After identifying and stealing sensitive files on victims' devices, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the US. In effect, Snake can infect Windows, Linux, and macOS systems, and use those network nodes to pass data stolen from victims along to the software nasty's Russian spymasters.
The development of the Snake malware started under the name "Uroburos" in late 2003, while the first versions of the implant were seemingly finalized by early 2004, with Russian state hackers deploying the malware in attacks immediately after. The malware is linked to a unit within Center 16 of the FSB, the notorious Russian Turla hacking group, and was disrupted following a coordinated effort named Operation MEDUSA. Among the computers ensnared in the Snake peer-to-peer botnet, the FBI also found devices belonging to NATO member governments.
The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as 'booter' or 'stresser' services. "As part of an ongoing initiative targeting computer attack 'booter' services, the Justice Department today announced the court-authorized seizure of 13 internet domains associated with these DDoS-for-hire services," the Department of Justice said.
"Unfortunately, one of our primary login domains was seized today. Therefore, we recommend using the domain singlelogin.re to log in to your account, as well as to register. Please share this domain with others," Z-Library said in a Telegram post. Z-Library's seized domains now display a banner indicating that the FBI seized them in accordance with a warrant issued pursuant to 18 U.S.C. 981(b) and 21 U.S.C. 853(f) by the United States District Court for the Eastern District of New York.
The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors. The seized sites allowed users to anonymously convert cryptocurrency into harder-to-trace coins to obscure the money trail and help cybercriminals launder their proceeds without being traced by law enforcement.