Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

May 16, 2024 at 03:47AM This report provides a detailed analysis of Earth Hundun’s cyberespionage campaign, focusing on the evolution from Waterbear to Deuterbear malware. Deuterbear displays advancements in capabilities such as shellcode plugins and HTTPS communication for C&C operations. The report also outlines the functionalities and differences between the two malware variants. The comprehensive … Read more

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

May 15, 2024 at 09:07AM An unnamed European Ministry of Foreign Affairs and its three diplomatic missions in the Middle East were targeted by two new backdoors, LunarWeb and LunarMail, attributed with medium confidence to the Russia-aligned cyberespionage group Turla. The backdoors use HTTP(S) and email messages for their communication, and appear to have been … Read more

Dangerous Google Chrome Zero-Day Allows Sandbox Escape

May 14, 2024 at 12:39PM Google has released an emergency security update for Chrome to address a zero-day vulnerability with potential for data theft, malware implantation, and more. This is the second zero-day patched within a week and the sixth this year. The update includes a patch for a high-severity out-of-bounds write in the V8 … Read more

North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms

May 10, 2024 at 11:27AM North Korean threat actor Kimsuky deployed Golang-based malware Durian in targeted cyber attacks on South Korean cryptocurrency firms, per Kaspersky’s APT trends report. The attacks used legitimate South Korean software, establishing a connection to the attacker’s server to execute the infection. Kimsuky aims to steal data and geopolitical insight for … Read more

Poland says Russian military hackers target its govt networks

May 9, 2024 at 07:18PM Poland warns of state-backed Russian threat group targeting its government institutions. Russian APT28 hackers used a phishing campaign to trick officials into clicking malicious links, compromising their devices. This aligns with previous APT28 operations targeting NATO and EU members. APT28’s history includes hacking the DNC, DCCC, and the German Bundestag. … Read more

‘The Mask’ Espionage Group Resurfaces After 10-Year Hiatus

May 9, 2024 at 05:52PM The “Careto” APT group, inactive for over a decade, has reemerged in cyber-espionage targeting entities in Latin America and Central Africa. Kaspersky researchers have identified previous victims and new targets, emphasizing the need to remain vigilant against long-dormant APTs. The group’s sophisticated attacks involve custom techniques and versatile implants, showcasing … Read more

Spies Among Us: Insider Threats in Open Source Environments

May 7, 2024 at 10:51AM A critical vulnerability in XZ Utils raised comparisons to the SolarWinds hack and highlighted the power of the open source community in averting a disaster. However, it also raised questions about security and trust within the ecosystem. The incident suggests the need for stricter security measures and consideration of internal … Read more

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

May 7, 2024 at 09:57AM Iranian state-backed hacking group APT42 utilizes advanced social engineering tactics to breach target networks and cloud environments. The group impersonates journalists and event organizers to gain trust and steal credentials, operating as part of the larger APT35 group. Their operations involve extensive credential harvesting and data exfiltration while evading detection. … Read more

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

May 7, 2024 at 09:57AM The recent cyber attack on MITRE Corporation, disclosed last month, exploited two zero-day vulnerabilities to target its NERVE research network. The attackers utilized various web shells and backdoors to gain access and maintain control, including deploying a Golang backdoor and conducting data exfiltration. The attack, attributed to a China-nexus cyber … Read more

Germany Recalls Its Ambassador in Russia for a Week in Protest Over a Hacker Attack

May 7, 2024 at 07:09AM Germany recalled its ambassador to Russia for a week of consultations following an alleged hacker attack on Chancellor Olaf Scholz’s party. The government expressed serious concern over the incident and accused Russian military agents of cyberespionage, leading to diplomatic tensions between Germany and Russia. Other European countries also condemned the … Read more