October 20, 2023 at 02:18PM DarkGate, a remote access trojan (RAT), has been linked to the Vietnamese financial cybercrime operation behind the Ducktail infostealer. Researchers have found similarities in the lure documents and targeting used by both malware. DarkGate is a multifunctional malware that can steal information, distribute malware, and mine cryptocurrency. Understanding connections between … Read more
October 20, 2023 at 10:09AM Vietnamese actors linked to the Ducktail stealer have been using DarkGate malware to target entities in the UK, US, and India. The increase in DarkGate campaigns is attributed to the decision to rent it out on a malware-as-a-service basis. The campaigns also involve LOBSHOT and RedLine Stealer, with similar tactics … Read more
October 20, 2023 at 08:50AM LinkedIn users are being targeted by a threat actor spreading malware through fake job posts at Corsair. The cybercriminal group responsible for the attacks, believed to be Vietnamese, is linked to previous campaigns targeting Facebook business accounts. The malware, including DarkGate and RedLine, is distributed through malicious files downloaded from … Read more
October 20, 2023 at 05:57AM ExelaStealer, a new information stealer, has emerged in the crowded world of off-the-shelf malware. It is an open-source infostealer with customizable features, capable of stealing various types of sensitive data from compromised Windows systems. ExelaStealer is sold on cybercrime forums and a dedicated Telegram channel for as low as $20 … Read more
October 19, 2023 at 10:35AM An Iranian state-aligned APT known as MuddyWater has conducted a spying campaign on an unnamed Middle Eastern government for eight months. Symantec, which tracks the group, identified daily efforts to steal sensitive government data using custom malware tools. The campaign, which went undetected, involved accessing various computers on the network … Read more
October 19, 2023 at 06:39AM Between February and September 2023, the Iran-linked threat actor, OilRig, conducted an eight-month cyber espionage campaign against an unnamed Middle East government. The attack involved the theft of files and passwords, as well as the deployment of a PowerShell backdoor called PowerExchange. Additional malware used included Tokel, Dirps, and Clipog. … Read more
October 18, 2023 at 12:28PM The MATA backdoor framework has been observed in attacks targeting oil and gas firms and the defense industry in Eastern Europe between August 2022 and May 2023. The attacks used spear-phishing emails to trick victims into downloading malicious executables that exploit a vulnerability in Internet Explorer. The updated MATA framework … Read more
October 18, 2023 at 12:15PM North Korea’s Kimsuky cyber threat group has been found to be using Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems. The group has also been leveraging open source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial … Read more
October 18, 2023 at 11:03AM The Lazarus Group, a North Korea-linked hacking organization, has been using trojanized versions of Virtual Network Computing (VNC) apps to target the defense industry and nuclear engineers. They trick job seekers on social media into opening malicious apps for fake job interviews. The malware operates discreetly to avoid detection and … Read more
October 18, 2023 at 06:04AM Researchers have discovered a Tunisian hacker using Jupyter Notebook and malware to engage in cryptomining and compromise cloud systems. The incident highlights the importance of prioritizing cloud security as advanced productivity tools are increasingly adopted. Jupyter Notebook is an open-source platform for creating notebook documents that is used in data … Read more