Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign abusing Google Ads uses multiple fake domains to distribute the backdoor “MadMxShell,” targeting users searching for IP scanning and IT management software. The Windows backdoor is distributed through JavaScript code and DLL side-loading, using DNS MX queries for command-and-control. The threat actor’s origins and motivations are currently …

Microsoft: Iranian hackers target researchers with new MediaPl malware

January 17, 2024 at 03:39PM Microsoft warns that an Iranian hacker group, linked to the IRGC, is targeting high-profile individuals in research organizations and universities in Europe and the US using spearphishing attacks. The attackers use custom-tailored phishing emails and new backdoor malware called MediaPl to steal sensitive data and gather intelligence aligning with Iranian …

Upgraded Kazuar Backdoor Offers Stealthy Power

November 2, 2023 at 03:16PM The backdoor Trojan Kazuar has been enhanced to be more difficult to detect and can now operate covertly while evading analysis and malware protection tools. It has been used by the Russian-backed APT Pensive Ursa to target Ukraine’s defense sector. Kazuar has sophisticated commands and a command-and-control channel that allows …

North Korean hackers exploit critical TeamCity flaw to breach networks

October 18, 2023 at 06:34PM Microsoft reports that the North Korean hacking groups Lazarus and Andariel are exploiting a vulnerability in TeamCity servers, CVE-2023-42793, to deploy backdoor malware. These attacks are likely aimed at conducting software supply chain attacks. Once the server is breached, the hackers use different attack chains to gain persistence on the …