Security News

A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor. The SysUpdate malware is a remote access trojan associated with Budworm since 2020, supporting Windows service, process, and file management, command execution, data retrieval, and screenshot capturing.

US and Japanese law enforcement and cybersecurity agencies warn of the Chinese 'BlackTech' hackers breaching network devices to install custom backdoors for access to corporate networks. The FBI notice warns that the BlackTech hackers use custom, regularly updated malware to backdoor network devices, which are used for persistence, initial access to networks, and to steal data by redirecting traffic to attacker-controlled servers.

Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack. "We have successfully all of Sony systems," read a note posted on RansomedVC's onion leak site.

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group.

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. Although Openfire fixed the issue with versions 4.6.8, 4.7.5, and 4.8.0, released in May 2023, VulnCheck reported that by mid-August 2023, over 3,000 Openfire servers were still running a vulnerable version.

A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is...

Group-IB analysts attribute with various degrees of confidence ShadowSyndicate's use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play ransomware in breaches since July 2022. Based on their findings, researchers believe that the threat actor could be an initial access broker, although evidence suggests that ShadowSyndicate is an affiliate to multiple ransomware operations.

A stealthy advanced persistent threat tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023. Gelsemium is a cyberespionage group operational since 2014, targeting government, education, and electronic manufacturers in East Asia and the Middle East.

The Government of British Overseas Territory Bermuda has linked a cyberattack affecting all its departments' IT systems since Thursday to hackers based out of Russia. "The public is advised that the Government Is currently experiencing internet/email and phone service interruptions. All Departments are impacted," the Bermuda Government said.

Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. "After the infostealer is executed on the original target, the attacker can access messaging with legitimate customers" - Shiran Guez, information security senior manager at Akamai.