A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. The reliance on infected USB drives to propagate the malware is unusual if not new.
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter called Invisible Body that just leaves behind a silhouette of the person's body.
New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. "There are similarities with previous attacks conducted by Sandworm: a PowerShell script used to distribute the.NET ransomware from the domain controller is almost identical to the one seen last April during the Industroyer2 attacks against the energy sector."
A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN. Researchers say that the campaign was "Highly targeted" and aimed at stealing contact and call data, device location, as well as messages from multiple apps. ESET malware analyst Lukas Stefanko says that Bahamut repackaged the SoftVPN and OpenVPN apps for Android to include malicious code with spying functions.
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new report shared with The Hacker News.
A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits. The gang has been spotted before using malware to steal Facebook-related information and hijack associated business accounts to run their own ads that are paid for by the victim.
Microsoft said its own investigation into the attack activity uncovered Boa as a common link, assessing that the intrusions were directed against exposed IoT devices running the web server. "Despite being discontinued in 2005, the Boa web server continues to be implemented by different vendors across a variety of IoT devices and popular software development kits," the company said.
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. There are no indications that a leaked or cracked version of Nighthawk is being weaponized by threat actors in the wild, Proofpoint researcher Alexander Rausch said in a write-up.
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The heightened number of cybersecurity threats around the holidays underscore just how important it is to have a comprehensive incident response strategy in place, protecting both your employees and your company's digital infrastructure.
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. The attackers gained access to the internal networks of the hacked entities via Internet-exposed cameras on their networks as command-and-control servers.