Security News
The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The security arm of the cloud monitoring firm is tracking the threat actor under the name Stressed Pungsan, which exhibits overlaps with a newly discovered North Korean malicious activity cluster dubbed Moonstone Sleet.
South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [...]
APT StormBamboo compromised a undisclosed internet service provider to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. In April 2023, ESET researchers documented the threat actor targeting an international NGO in China with malicious updates, but weren't able to pinpoint whether these updates were delivered through supply-chain compromise or adversary-in-the-middle attacks.
The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. It was also found to have targeted an international non-governmental organization in Mainland China with MgBot delivered via update channels of legitimate applications like Tencent QQ. While it was speculated that the trojanized updates were either the result of a supply chain compromise of Tencent QQ's update servers or a case of an adversary-in-the-middle attack, Volexity's analysis confirms it's the latter stemming from a DNS poisoning attack at the ISP level.
Cybersecurity researchers have disclosed details of a new distributed denial-of-service attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack.
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike.
In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. U.S. President Joe Biden called the deal a "Feat of diplomacy," adding "Some of these women and men have been unjustly held for years." Other nations that played a role in the swap include Poland and Turkey.
Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). [...]
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or...