Security News

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets
2022-11-30 18:30

A previously undocumented backdoor called Dolphin has been attributed to the North Korea-linked ScarCruft group, which has used it against targets located in South Korea. "The backdoor has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jurčacko said in a new report published today.

Husband and wife nuclear warship 'spy' team get 20 years each
2022-11-10 17:14

US Navy nuclear engineer Jonathan Toebbe and his wife Diana Toebbe were sentenced to 232 months and 262 months, respectively, on charges that they worked together to hand numerous physical and electronic documents, including schematics for the advanced Virginia-class nuclear submarine, to an agent of a foreign government. Toebbe never spoke to a spy: when the unnamed foreign government received an initial teaser package of documents from the engineer, it handed them right over to a local FBI attaché.

Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens
2022-10-20 11:33

A new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall has been attributed to the Iranian threat actor known as Domestic Kitten. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.

Zoom for Mac patches sneaky “spy-on-me” bug – update now!
2022-10-18 18:01

When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A "debugging port" typically refers to a listening network connection, usually a TCP socket, that handles debugging requests.

How Wi-Fi spy drones snooped on financial firm
2022-10-12 07:22

Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe.

Lazarus Group unleashed a MagicRAT to spy on energy providers
2022-09-08 12:00

The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos. The Lazarus Group is perhaps best known for the infamous WannaCry attacks and a ton of cryptocurrency theft.

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts
2022-08-01 04:14

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky. SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said.

US military contractor moves to buy Israeli spy-tech company NSO Group
2022-07-11 13:00

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports. The New York Times claims L3Harris in recent months sent a team to Israel to try to smooth passage of the deal, which was made challenging by US president Joe Biden's decision to blacklist NSO following the use of its Pegasus software to crack phones of politicians and campaigners.

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
2022-06-29 00:40

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," researchers from Lumen Black Lotus Labs said in a report shared with The Hacker News.

Industrial Spy data extortion market gets into the ransomware game
2022-05-26 12:02

The Industrial Spy data extortion marketplace has now launched its own ransomware operation, in which it also encrypts victims' devices. Last month, we reported on a new data extortion marketplace called Industrial Spy that allowed threat actors, and possibly even business competitors, to purchase data stolen from companies.