Security News

US govt shares top flaws exploited by Chinese hackers since 2020
2022-10-06 18:53

NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China to target government and critical infrastructure networks. The three federal agencies said in a joint advisory that Chinese-sponsored hackers are targeting U.S. and allied networks and tech companies to gain access to sensitive networks and steal intellectual property.

Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
2022-10-06 12:57

The threat actor behind the malware-as-a-service called Eternity has been linked to a new piece of malware called LilithBot. "The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks."

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization
2022-10-05 08:12

U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base Sector organization's enterprise network" as part of a cyber espionage campaign. " actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said.

DoJ ‘very disappointed’ with probation sentence for Capital One hacker Paige Thompson
2022-10-05 05:31

Convicted wire fraud perpetrator Paige Thompson has been sentenced to time served and five years of probation with location and computer monitoring, prompting U.S. Attorney Nick Brown to label the sanctions unsatisfactory. Thompson infamously raided cloud storage buckets operated by financial services company Capital One and made off with over 100 million individuals' personal information, in addition to other data heists.

Hackers stole data from US defense org using Impacket, CovalentStealer
2022-10-04 23:08

The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

US Govt: Hackers stole data from US defense org using new malware
2022-10-04 23:08

The U.S. Government today released an alert about state-backed hackers using a custom 'CovalentStealer' malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam
2022-10-04 18:21

India's Central Bureau of Investigation on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan," the primary investigating agency said in a press release.

Hackers are breaching scam sites to hijack crypto transactions
2022-10-04 18:20

In a perfect example of there being no honor among thieves, a threat actor named 'Water Labbu' is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims. In July, the FBI warned of scam 'dApps' that impersonated cryptocurrency liquidity mining services but, in reality, stole a victim's crypto investments.

Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
2022-10-03 12:56

The recently discovered Linux-based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. "This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China."

Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers
2022-10-03 10:56

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception that's directed against aerospace and defense industries.