Security Firm’s North Korean Hacker Hire Not an Isolated Incident

September 19, 2024 at 08:53AM

A postmortem on the accidental hiring of a North Korean threat actor at a security firm uncovered a network of fake IT workers groomed to deceive US companies for the financial benefit of the North Korean government. The actors slipped through background checks and posed as credible employees, exploiting the …

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

August 16, 2024 at 09:33AM

Cybersecurity researchers have identified a complex information theft campaign, “Tusk,” conducted by Russian-speaking cybercriminals. The campaign leverages legitimate brands to distribute malware like DanaBot and StealC through phishing tactics and social engineering. The sophisticated threat actors mimic well-known projects, employing multistage malware delivery methods, highlighting their advanced capabilities in deceiving …

North Korea building cash reserves using ransomware, video games

May 29, 2024 at 09:07AM

A new cybercrime group named “Moonstone Sleet,” associated with North Korea and tracked by Microsoft, deceives targets with fake job offers to distribute malware and ransomware for financial gain. The group deployed trojanized software via LinkedIn, Telegram, and freelancing platforms, and has been linked to the deployment of a new …

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

May 15, 2024 at 07:06AM

Ebury, a sophisticated malware botnet, has compromised 400,000 Linux servers since 2009, with over 100,000 still affected as of late 2023. It is employed for various nefarious activities such as spam distribution, web traffic redirection, and credential theft, as well as cryptocurrency heists and credit card stealing. The threat actors …

Hackers steal data of 2 million in SQL injection, XSS attacks

February 6, 2024 at 10:11AM

The ‘ResumeLooters’ threat group has compromised 65 job listing and retail sites using SQL injection and XSS attacks, stealing personal data from over two million job seekers primarily in the APAC region. They employ various tools for penetration testing, such as SQLmap and Acunetix, to exploit security weaknesses and inject …

DPRK Hackers Masquerade as Tech Recruiters, Job Seekers

November 21, 2023 at 04:18PM

North Korean threat actors are engaging in deceptive tactics on the internet, posing as both job recruiters and job seekers. Palo Alto Networks’ Unit 42 has identified two ongoing campaigns, “Contagious Interview” and “Wagemole”, where the threat actors lure unsuspecting applicants into installing sophisticated malware or impersonate applicants to gain …