QR codes bypass browser isolation for malicious C2 communication

December 9, 2024 at 02:59AM Mandiant has documented a method for bypassing browser isolation by using QR codes as a command-and-control channel. Browser isolation forwards only a rendered pixel stream to the endpoint, so a QR code displayed on an attacker-controlled webpage still reaches the victim's screen, where a compromised local browser can capture the image and decode it into commands. Despite limitations such as small payload size and high latency, the technique exposes gaps in current isolation controls, necessitating enhanced …

Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

December 4, 2024 at 12:54PM The Russia-linked APT group Turla has been inside the command-and-control servers of the Pakistan-based Storm-0156 hacking group since December 2022. Turla uses this access to deploy its own custom malware against Afghan government networks, a tactic of piggybacking on another actor's infrastructure that complicates attribution while extending Turla's operational reach for intelligence gathering. …

Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT

December 4, 2024 at 12:02PM Russian hackers known as Turla spent two years inside the infrastructure of Pakistani cyberspies, gaining access to sensitive South Asian government networks. By commandeering the Pakistani group's command-and-control servers, Turla deployed its own malware and extracted valuable data. The operation shows Turla's strategy of exploiting other threat actors' infrastructure for espionage without exposing its own …

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

November 8, 2024 at 02:27AM Researchers have identified a new malware campaign, CRON#TRAP, that infects Windows systems via a malicious shortcut file. The shortcut sets up a Linux virtual machine containing a pre-configured backdoor for remote access; because the malicious activity runs inside the guest, host-based antivirus has little visibility into it. A separate campaign targets electronics companies with GuLoader malware delivered through spear-phishing emails. …

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

November 6, 2024 at 09:40AM Researchers warn that Winos 4.0, a malware framework delivered through malicious game optimization apps, gives attackers extensive control over compromised systems. Derived from Gh0st RAT, it targets Chinese-speaking users through deceptive lures. The malware runs a multi-stage infection chain, harvesting sensitive data and installing a backdoor for further exploitation. …

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

September 26, 2024 at 02:57AM Cloudflare has observed an advanced threat actor using multiple cloud service providers for credential harvesting, malware delivery, and command-and-control. The actor, known as SloppyLemming, targets government, law enforcement, energy, education, telecommunications, and technology entities in South and East Asian countries. The attacks involve spear-phishing emails, malicious links, and custom-built tools …

Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

September 23, 2024 at 02:51AM A new post-exploitation tool called Splinter can be used to infiltrate and disrupt victims' IT environments. The tool can execute Windows commands, steal files, collect cloud service account information, and download additional malware. Like Cobalt Strike, Splinter is a red-team tool that becomes a threat when turned against an organization, and it can remain undetected on victims' networks. …

New BadSpace Backdoor Deployed in Drive-By Attacks

June 18, 2024 at 12:36PM A new backdoor named BadSpace is delivered through a multi-stage chain that begins with compromised WordPress sites. Its distribution resembles that of the SocGholish malware and has been associated with the cybercrime group Evil Corp. The delivery chain starts with an infected website that displays a fake browser update notification, which deploys the backdoor through JavaScript …

US govt sanctions cybercrime gang behind massive 911 S5 botnet

May 28, 2024 at 03:08PM The U.S. Treasury Department sanctioned a cybercrime network involving Chinese nationals and Thai companies linked to the “911 S5” botnet, which compromised 19 million IP addresses. The botnet facilitated cybercrimes, including fraudulent applications and bomb threats. Sanctions were imposed on the individuals and entities involved, prohibiting transactions with U.S. interests and …

Interpol operation Synergia takes down 1,300 servers used for cybercrime

February 2, 2024 at 10:33AM The international law enforcement operation ‘Synergia’ dismantled over 1,300 command-and-control servers used in ransomware, phishing, and malware campaigns. The operation involved 60 law enforcement agencies from 55 countries and identified 1,900 IP addresses linked to cybercrime activity. Additionally, 31 individuals were …