Security News

Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant. The spyware targets the SonicWall Secure Mobile Access 100 Series - a gateway device that provides VPN access to remote users.

The FBI and the US government's Cybersecurity and Infrastructure Security Agency claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity, or manipulate votes at scale. The agencies also took the time to explain how US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "Election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users. The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter.

This included using email, OneDrive and other Microsoft cloud services accounts, as well as phony LinkedIn profiles that the criminals used to scope out employees who work for target organizations. In May, Google and Reuters attributed a hack-and-leak campaign to Coldriver, aka Seaborgium, in which the criminals leaked emails and documents reportedly stolen from high-level Brexit proponents, including former British spymaster Richard Dearlove.

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. "The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.

ESET researchers discovered CloudMensis, a macOS backdoor that spies on users of compromised Macs and uses public cloud storage services to communicate back and forth with its operators. Outline of how CloudMensis uses cloud storage services.

A cyber-spy group is targeting Microsoft Exchange deployments to steal data related to mergers and acquisitions and large corporate transactions, according to Mandiant. The infosec giant's researchers have dubbed the cyber-espionage threat group UNC3524.

The Threat Hunter Team team is attributing the attacks to Cicada, also known as APT10 - a group that has been operating for more than a decade and that intelligence agencies in the US have linked to China's Ministry of State Security. The researchers are pointing at Cicada because a custom loader and custom malware that have been used exclusively by the group were found in victims' networks.

A prolific Middle East team with links to Hamas is said to be using malware and infrastructure to target high-ranking Israeli officials and steal sensitive data from Windows and Android devices. The advanced persistent threat group - known by some as APT-C-23, Arid Viper, Desert Falcon, and FrozenCell, among other names - set up an elaborate cyberespionage campaign, spending months rolling out fake Facebook accounts to target specific potential Israeli victims, according to Cybereason's Nocturnus threat intelligence team.

"In most of the web application compromises, APT41 conducted.NET deserialization attacks; however, we have also observed APT41 exploiting SQL injection and directory traversal vulnerabilities," they said. APT41 "Heavily" used the Windows version of the KEYPLUG backdoor at state government victims between June 2021 and December 2021, researchers said.