Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users

June 19, 2024 at 07:00AM Cybersecurity firm Trend Micro discovered a new threat group targeting Chinese-speaking users with a campaign dubbed Void Arachne. The attack employs malicious Windows Installer files for VPNs to distribute the Winos 4.0 command-and-control framework. The campaign involves social media and messaging platforms and promotes compromised files with deepfake and AI …

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

June 4, 2024 at 12:06PM Russian organizations have been targeted in cyber attacks delivering a Windows version of the Decoy Dog malware by the HellHounds group. The advanced persistent threat (APT) group compromises organizations, remaining undetected for years. The malware includes a custom variant of the open-source Pupy RAT and is designed to maintain covert …

Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack

May 24, 2024 at 06:00AM The courtroom video recording software developed by Justice AV Solutions (JAVS) has been targeted in a software supply chain attack, resulting in the delivery of malware known as RustDoor. Cybersecurity firm Rapid7 discovered the attack and reported that the compromised installer and associated executable have been signed with unexpected Authenticode …

New BiBi Wiper version also destroys the disk partition table

May 20, 2024 at 12:10PM The BiBi Wiper malware’s new variants are targeting Israeli and Albanian systems, linked to an Iranian hacking group named ‘Void Manticore.’ Check Point Research uncovered newer variants and operational overlaps involving another Iranian threat group. The malware is designed to complicate data restoration efforts, significantly extending downtime for targeted victims …

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

May 16, 2024 at 10:15AM The Kimsuky hacking group is behind a new social engineering attack, using fictitious Facebook accounts to target individuals via Messenger and deliver malware. The campaign impersonates a legitimate individual to trick activists in the North Korean human rights and anti-North Korea sectors. This approach aims to avoid detection and may …

‘Four horsemen of cyber’ look back on 2008 DoD IT breach that led to US Cyber Command

May 10, 2024 at 09:08AM A malware-infected USB inserted into a military laptop in Afghanistan in 2008 caused the worst US military breach, leading to the formation of the US Cyber Command. The malware, suspected to be from Russian cyber spies, infected DoD systems and prompted Operation Buckshot Yankee. The Four Horsemen of Cyber discussed …

MITRE Hack: China-Linked Group Breached Systems in December 2023

May 7, 2024 at 04:15AM MITRE disclosed details of a recent hack targeting its NERVE network, including the use of Ivanti zero-day vulnerabilities and attribution to a Chinese cyberespionage group. The attack involved manipulating virtual machines, deploying malicious payloads and preparing for data exfiltration. MITRE shared technical details on the malware and indicators of compromise. …

Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms

April 24, 2024 at 02:09PM Cisco issued a warning about professional, nation-state-backed hackers exploiting two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. The campaign, known as ArcaneDoor, aims to exploit software defects in Cisco products, potentially exfiltrate data, and execute commands. Cisco recommended ensuring proper …

DPRK hacking groups breach South Korean defense contractors

April 23, 2024 at 01:00PM The National Police Agency in South Korea issued an urgent warning about North Korean hacking groups targeting defense industry entities in South Korea. The groups Lazarus, Andariel, and Kimsuky breached companies by exploiting vulnerabilities and stealing critical technology information. A special inspection found multiple companies compromised since late 2022, leading to recommendations for …

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

March 27, 2024 at 04:09AM A new phishing campaign discovered by Trustwave SpiderLabs involves a novel loader malware delivering Agent Tesla via a deceptive bank payment notification email. The malware evades detection and antivirus defenses, retrieves its payload using unique URLs, and exfiltrates data via legitimate email accounts. This tactic poses challenges for detection and …