Custom “Pygmy Goat” malware used in Sophos Firewall hack on govt network

November 4, 2024 at 12:49PM The UK’s NCSC has published an analysis of “Pygmy Goat,” a Linux backdoor found on Sophos XG firewalls in attacks attributed to Chinese threat actors. The malware uses several techniques to stay resident on the appliance and to give the operators remote access. The report provides detection guidance and notes overlaps with the “Castletap” malware previously linked to state-sponsored actors.

Windows infected with backdoored Linux VMs in new phishing attacks

November 4, 2024 at 10:56AM The ‘CRON#TRAP’ phishing campaign targets Windows users with deceptive emails whose payload installs a Linux virtual machine that ships with a pre-configured backdoor, giving the attackers a persistent foothold inside the corporate network. The VM runs under the legitimate QEMU emulator, so the backdoor’s activity happens inside the guest rather than on the Windows host, and its command-and-control traffic is carried over a tunneling program; together this lets the attackers carry out a range of actions without triggering host security tooling.
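The practical check for a campaign of this shape is to hunt for QEMU being started in places and ways a normal user would not: a `qemu-system-*` binary dropped under a user profile, started headless, with its disk image next to it, by a mail client or script host rather than by an administrator. The following hunting script is an added example written for this page, not code from the campaign report or from any vendor tool; the event field names (`image`, `cmdline`, `parent`) and the sample records are constructed assumptions standing in for a normalized process-creation feed such as Sysmon Event ID 1.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation records (assumed field layout; not real telemetry).
SAMPLE_EVENTS = [
    {   # QEMU installed by an admin and started from Explorer: expected usage
        "image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
        "cmdline": r'"C:\Program Files\qemu\qemu-system-x86_64.exe" -m 2048 -hda D:\vms\dev.qcow2',
        "parent": "explorer.exe",
    },
    {   # QEMU copied into a temp folder, headless, image beside it, started by a script host
        "image": r"C:\Users\alice\AppData\Local\Temp\pkg\qemu-system-x86_64.exe",
        "cmdline": r"qemu-system-x86_64.exe -m 256 -drive file=C:\Users\alice\AppData\Local\Temp\pkg\vm.qcow2 "
                   r"-nographic -netdev user,id=n0 -device e1000,netdev=n0",
        "parent": "wscript.exe",
    },
    {   # unrelated process, ignored by the rule
        "image": r"C:\Windows\System32\notepad.exe",
        "cmdline": "notepad.exe",
        "parent": "explorer.exe",
    },
]

# Where a legitimately installed QEMU is expected to live (assumption; adjust per estate).
EXPECTED_DIRS = {r"c:\program files\qemu", r"c:\program files (x86)\qemu"}
# Parents that should not normally be spawning a hypervisor.
MAIL_OFFICE_SCRIPT_PARENTS = {
    "outlook.exe", "winword.exe", "excel.exe", "wscript.exe",
    "cscript.exe", "mshta.exe", "cmd.exe", "powershell.exe",
}
HEADLESS_FLAGS = ("-nographic", "-display none")
QEMU_BINARY = re.compile(r"qemu-system-[a-z0-9_]+\.exe", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop)|\\temp\\", re.IGNORECASE)


def assess(event):
    """Return the list of suspicious traits seen on a QEMU process-creation event (empty if not QEMU)."""
    image = PureWindowsPath(event["image"])
    if not QEMU_BINARY.fullmatch(image.name):
        return []
    reasons = []
    if str(image.parent).lower() not in EXPECTED_DIRS:
        reasons.append("qemu outside expected install directory")
    if USER_WRITABLE.search(event["image"]):
        reasons.append("qemu binary in user-writable location")
    if any(flag in event["cmdline"].lower() for flag in HEADLESS_FLAGS):
        reasons.append("headless vm (no console shown to the user)")
    if USER_WRITABLE.search(event["cmdline"]):
        reasons.append("user-profile path on command line (disk image or binary)")
    if event["parent"].lower() in MAIL_OFFICE_SCRIPT_PARENTS:
        reasons.append("spawned by mail client, office app or script host")
    return reasons


def hunt(events, threshold=2):
    """Return (image, reasons) for events with at least `threshold` suspicious traits."""
    hits = []
    for event in events:
        reasons = assess(event)
        if len(reasons) >= threshold:
            hits.append((event["image"], reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

The threshold is deliberately loose: a single trait (a developer running QEMU from a Downloads folder) is noise, but two or more together, and in particular a headless guest started by `wscript.exe` or an Office process, is the combination this campaign depends on. Pair the rule with a network view: the guest’s tunnel traffic leaves the host as ordinary outbound connections from the QEMU process, so egress from `qemu-system-*.exe` to an external address is a second, independent signal.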