Security News

Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.

Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence. The technique isn't entirely new, as Phylum reported in January 2023 that threat actors created malicious PyPI packages that used Cloudflare Tunnels to stealthy steal data or remotely access devices.

The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization. Today, SentinelLabs reported that ScarCruft is behind a hack of NPO Mashinostroyeniya's email server and IT systems, where the threat actors planted a Windows backdoor named 'OpenCarrot' for remote access to the network.

Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya. Cybersecurity firm SentinelOne said it identified "Two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot.

The main executable for the Microsoft Publisher application has already been confirmed that it can download payloads from a remote server. According to recent research, even executables that are not signed by Microsoft serve purposes that are useful in attacks, such as reconnaissance.

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations globally spanning government, non-government organizations, IT services, technology, discrete manufacturing, and media sectors.

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks. These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.

Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.The attackers chained a flaw dubbed "PhishForce," to bypass Salesforce's sender verification safeguards and quirks in Facebook's web games platform to mass-send phishing emails.

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. The Texas-based cybersecurity firm said the company acts as a command-and-control provider, which provides attackers with Remote Desktop Protocol virtual private servers and other anonymized services that ransomware affiliates and others use to pull off the cybercriminal endeavors.

Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Researchers at cybersecurity company Kaspersky discovered the new malware and attributed it to the cyber-espionage group APT31, a.k.a. Zirconium.