Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

October 27, 2023 at 10:43AM Cybersecurity firm Kaspersky has warned about a highly advanced piece of malware named StripedFly that has been infecting over one million devices for the past five years. The threat is designed as a modular framework and can target both Windows and Linux systems. It utilizes a Tor network tunnel for …

Complex Spy Platform StripedFly Bites 1M Victims

October 26, 2023 at 09:31AM Researchers at Kaspersky have discovered that a malware called StripedFly, initially thought to be a basic cryptominer, is actually a sophisticated spy platform infecting over 1 million victims. The malware allows attackers to gain control over networks, exfiltrate data, and mine cryptocurrency. It includes a Tor network tunnel and uses …

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

October 26, 2023 at 04:48AM The Iranian threat actor Tortoiseshell is responsible for a new series of watering hole attacks. They use a malware called IMAPLoader, which acts as a downloader for additional payloads. The attacks target various sectors, including maritime, shipping, logistics, and nuclear industries. Tortoiseshell has a history of strategic website compromises and …

YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group

October 26, 2023 at 04:48AM A new threat actor called YoroTrooper, likely consisting of operators from Kazakhstan, has been identified. The group employs various tactics to hide their activities, including targeting Kazakhstani entities and using VPN exit nodes in Azerbaijan. YoroTrooper primarily uses spear-phishing and malware to steal data, and has now shifted to custom …

Meet Rhysida, a New Ransomware Strain That Deletes Itself

October 24, 2023 at 04:26PM The emerging ransomware strain called Rhysida, operating since May, is targeting users of Brazil’s PIX payment system. Rhysida, which functions as a ransomware-as-a-service (RaaS), has a unique self-deletion mechanism and is compatible with pre-Windows 10 versions of Microsoft. It faced initial configuration challenges but quickly adapted. Alongside Rhysida, there is …

DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan

October 23, 2023 at 02:09PM DoNot Team, a threat actor suspected to be of Indian origin, has been using a new .NET-based backdoor called Firebird to target victims in Pakistan and Afghanistan. The attack also involves a downloader named CSVtyrei. Kaspersky discovered the attack and noted ongoing development efforts. Transparent Tribe, another hacking group, has …

Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

October 22, 2023 at 01:42PM The number of Cisco IOS XE devices hacked with a malicious backdoor implant has dramatically decreased from over 50,000 to only a few hundred. It is unclear why this decline has occurred, with researchers speculating that the threat actors may have deployed an update to hide their presence or a …

Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors

October 20, 2023 at 02:18PM DarkGate, a remote access trojan (RAT), has been linked to the Vietnamese financial cybercrime operation behind the Ducktail infostealer. Researchers have found similarities in the lure documents and targeting used by both malware. DarkGate is a multifunctional malware that can steal information, distribute malware, and mine cryptocurrency. Understanding connections between …

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

October 20, 2023 at 10:09AM Vietnamese actors linked to the Ducktail stealer have been using DarkGate malware to target entities in the UK, US, and India. The increase in DarkGate campaigns is attributed to the decision to rent it out on a malware-as-a-service basis. The campaigns also involve LOBSHOT and RedLine Stealer, with similar tactics …

Fake Corsair job offers on LinkedIn push DarkGate malware

October 20, 2023 at 08:50AM LinkedIn users are being targeted by a threat actor spreading malware through fake job posts at Corsair. The cybercriminal group responsible for the attacks, believed to be Vietnamese, is linked to previous campaigns targeting Facebook business accounts. The malware, including DarkGate and RedLine, is distributed through malicious files downloaded from …