Security News

Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. "The Goldbackdoor malware shares strong technical overlaps with the Bluelight malware," researchers wrote.

A state-backed threat actor with ties to the Democratic People's Republic of Korea has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The threat actor has a track record of targeting the Republic of Korea with a noted focus on government officials, non-governmental organizations, academics, journalists, and North Korean defectors.

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954, the critical issue concerns a case of remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager.

North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain. The malware is distributed through a phishing attack first discovered by NK News, an American news site dedicated to covering news and providing research and analysis about North Korea, using intelligence from within the country.

Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack occurred on April 19th and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack's spread and further data theft.

The company added that it has mitigated the breach by terminating the hacker's group access to its network and disabled the stolen credentials that were used in the breach. Using these credentials Lapsus$ members can get access to the company's internal tools like - Atlas an internal T-Mobile tool for managing customer accounts.

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. "T-Mobile, in a statement, said that the incident occurred"several weeks ago, with the "Bad actor" using stolen credentials to access internal systems.

The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets. First came the bank sanctions and the blocking of SWIFT payments, a result of the Russian invasion of Ukraine.

T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "Several weeks ago" using stolen credentials and gained access to internal systems. Per T-Mobile, the Lapsus$ hackers didn't steal sensitive customer or government information during the incident.

Threat analysts report that zero-day vulnerability exploitation is on the rise, with Chinese hackers using most of them in attacks last year. Zero-day disclosures are of particular interest to hackers because they have a wider exploitation window until vendors address the flaws and clients start applying the updates.