US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

September 26, 2024 at 07:55AM Threat actors are targeting transportation and shipping organizations in North America, compromising email accounts to deliver various malware families like Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC. The attacks involve injecting malicious content into compromised inboxes and using Google Drive links or URL files to deliver malware. Proofpoint advises caution … Read more

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

July 22, 2024 at 08:55AM FLUXROOT, a financially motivated threat actor, abused Google Cloud serverless projects to conduct phishing attacks, targeting Latin America. This highlights the trend of threat actors exploiting cloud computing for malicious purposes. Google has taken measures to mitigate such activities, emphasizing the challenges in detecting and countering threats facilitated by cloud … Read more

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 at 08:10AM Security researchers have uncovered details about the 8220 Gang’s cryptocurrency mining operation, exploiting known vulnerabilities in Oracle WebLogic Server. The threat actor uses fileless execution techniques and a multi-stage loading technique, including dropping a miner payload via PowerShell script. Additionally, a new installer tool called k4spreader has been detailed, used … Read more

Hackers push USB malware payloads via news, media hosting sites

January 31, 2024 at 05:37PM A financially motivated threat actor utilizes USB devices to infect and abuse online platforms such as GitHub, Vimeo, and Ars Technica to host encoded malware. These encoded payloads act as essential components in downloading and executing malware. The attackers, tracked as UNC4990 by Mandiant, predominantly target users in Italy. This … Read more

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

December 19, 2023 at 11:45AM The U.S. Justice Department disrupted the BlackCat ransomware, issuing a decryption tool for victims. With FBI’s help, a confidential source breached the gang’s web panel. BlackCat, a major ransomware variant, operated a ransomware-as-a-service model and used double extortion. The action saved victims $68 million, dismantled the gang’s computer network, and … Read more