Security News

Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a subgroup within APT41 and shares overlaps with various other clusters known as Earth Baku, SparklingGoblin, and GroupCC. Earth Longzhi was first documented by the cybersecurity firm in November 2022, detailing its attacks against various organizations located in East and Southeast Asia as well as Ukraine. Attack chains mounted by the threat actor leverage vulnerable public-facing applications as entry points to deploy the BEHINDER web shell, and then leverage that access to drop additional payloads, including a new variant of a Cobalt Strike loader called CroxLoader.

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995, a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions.

Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR devices. Fortinet's FortiGard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof of concept exploit to target a vulnerability in the servers.

A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results. In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.

The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "Cannot stand anymore" if a ransom was not paid. On March 26th, Western Digital suffered a cyberattack where threat actors breached its internal network and stole company data.

China has 50 hackers for every one of the FBI's cyber-centric agents, the Bureau's director told a congressional committee last week. "The scale of the Chinese cyber threat is unparalleled. They've got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations big or small combined."

The Computer Emergency Response Team of Ukraine says Russian hackers are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks. Instead of legitimate instructions on upgrading Windows systems, the malicious emails advise the recipients to run a PowerShell command.

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs. Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.

Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. These payment forms are shown as a modal, HTML content overlayed on top of the main webpage, allowing the user to interact with login forms or notification content without leaving the page.

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. Alloy Taurus is the constellation-themed moniker assigned to a threat actor that's known for its attacks targeting telecom companies since at least 2012.