Security News
Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware. "We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents," Autodesk said in a recent 10-Q SEC filing.
A nascent information-stealing malware sold and distributed on underground Russian forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. First seen in the wild in August 2020, the Windows-based malware is used to steal sensitive information, including login credentials, credit card information, cryptocurrency wallets, and browser information, in addition to functioning as a tool to grab sensitive files from the compromised machine and acting as a downloader to fetch and execute additional second-stage malware.
At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal. An in-depth analysis of the employed malware families suggests that Chinese hacker groups TA428 and TaskMasters were behind a series of attacks that targeted Russian government agencies in 2020, Group-IB says.
An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of malware called "Webdav-O" that was detected in the intrusions. The cybersecurity firm observed similarities between the tool and the popular Trojan "BlueTraveller," which is known to be connected to a Chinese threat group called TaskMasters and has been deployed in malicious activities aimed at espionage and the theft of confidential documents.
The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors' offices around the country last year, the Justice Department said. The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached.
Details of 30 servers thought to be used by Russia's SVR spy agency as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia's Foreign Intelligence Service "is actively serving malware previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada," according to the threat intel firm. "We were unable to locate any malware which communicated with this infrastructure, but we suspect it is likely similar to previously identified samples."
A Russian hacker known internationally as the "Bot master" was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicious software. In their written presentencing arguments, prosecutors said Levashov spent more than a decade controlling the botnets - including one that may have infected 200,000 computers - to harvest email addresses, logins and passwords from infected computers and also distributed malware and other malicious software.
Google security researchers shared more information on four security vulnerabilities, also known as zero-days, which were unknown before they were discovered being exploited in the wild earlier this year. The four security flaws were found by Google Threat Analysis Group and Google Project Zero researchers after spotting exploits abusing zero-days in Google Chrome, Internet Explorer, and WebKit, the engine used by Apple's Safari web browser.
President Biden asked Russian President Putin during a phone call today to disrupt ransomware groups operating within Russia's borders behind the ongoing wave of attacks impacting the United States and other countries worldwide. "President Biden underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware," a White House statement reads.