Security News

Russian hackers use fake DDoS app to infect pro-Ukrainian activists
2022-07-19 17:06

Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. In a report on recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers who are part of the Russian Turla APT group have also been spotted deploying their first Android malware.

Google catches Turla hackers deploying Android malware in Ukraine
2022-07-19 17:06

Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. In a report on recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers who are part of the Russian Turla APT group have also been spotted deploying their first Android malware.

Popular vehicle GPS tracker gives hackers admin privileges over SMS
2022-07-19 15:00

Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries. MiCODUS GPS trackers are used by the state-owned Ukrainian transportation agency, so Russian hackers could target them to determine supply routes, troop movements, or patrol routes, researchers at cybersecurity company BitSight say in a report today.

Belgium says Chinese hackers attacked its Ministry of Defense
2022-07-19 14:44

The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries. "Belgium assesses these malicious cyber activities to have been undertaken by Chinese Advanced Persistent Threats."

Hackers steal 50,000 credit cards from 300 U.S. restaurants
2022-07-19 14:00

Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms. Recently, Recorded Future's threat detection tools identified two Magecart campaigns injecting malicious code into the online ordering portals of MenuDrive, Harbortouch, and InTouchPOS. As a result, 50,000 payment cards were stolen and have already been offered for sale on various marketplaces on the dark web.

Russian SVR hackers use Google Drive, Dropbox to evade detection
2022-07-19 12:35

State-backed hackers who are part of the Russian Federation's Foreign Intelligence Service (SVR) have started using the legitimate Google Drive cloud storage service to evade detection. "We have discovered that their two most recent campaigns leveraged Google Drive cloud storage services for the first time," Unit 42 analysts who spotted the new trend said.

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
2022-07-19 01:28

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines into a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said.

Hackers pose as journalists to breach news media org’s networks
2022-07-16 15:07

Researchers following the activities of advanced persistent threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. Proofpoint analysts have been following these activities from 2021 and into 2022 and published a report about several APT groups impersonating or targeting journalists.

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software
2022-07-16 06:33

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Alto Networks Unit 42 said in a Friday report.

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
2022-07-15 14:38

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned to an unknown, emerging, or developing group of threat activity.