Security News

The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations, think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe.

The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in a cyberespionage campaign with a global reach. Previously, in August 2022, Kaspersky revealed another Kimsuky campaign targeting politicians, diplomats, university professors, and journalists in South Korea using a multi-stage target validation scheme that ensured only valid targets would be infected with malicious payloads.

An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection. DLL sideloading is a technique exploited by attackers since 2010, taking advantage of the insecure way Windows loads DLL files required by an application.

The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. In a new advisory, the Ukrainian Government Computer Emergency Response Team says the Russian hackers used compromised VPN accounts that weren't protected with multi-factor authentication to access critical systems in Ukrainian state networks.

Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a subgroup within APT41 and shares overlaps with various other clusters known as Earth Baku, SparklingGoblin, and GroupCC. Earth Longzhi was first documented by the cybersecurity firm in November 2022, detailing its attacks against various organizations located in East and Southeast Asia as well as Ukraine. Attack chains mounted by the threat actor leverage vulnerable public-facing applications as entry points to deploy the BEHINDER web shell, and then leverage that access to drop additional payloads, including a new variant of a Cobalt Strike loader called CroxLoader.

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995, a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions.

Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR devices. Fortinet's FortiGard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof of concept exploit to target a vulnerability in the servers.

A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results. In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.

The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "Cannot stand anymore" if a ransom was not paid. On March 26th, Western Digital suffered a cyberattack where threat actors breached its internal network and stole company data.

China has 50 hackers for every one of the FBI's cyber-centric agents, the Bureau's director told a congressional committee last week. "The scale of the Chinese cyber threat is unparalleled. They've got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations big or small combined."