Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data

May 1, 2024 at 11:21AM
Lumen’s Black Lotus Labs has discovered a new malware platform named Cuttlefish, capable of harvesting public cloud authentication data from enterprise and SOHO routers. The platform, similar to HiatusRat, is believed to be linked to a Chinese hacking group targeting US and European organizations. Cuttlefish is specifically designed to capture …

Researchers Discover 40,000-Strong EOL Router, IoT Botnet

March 26, 2024 at 02:42PM
Lumen Technologies’ Black Lotus Labs discovered a 40,000-strong botnet comprised of end-of-life routers and IoT devices, used by a cybercriminal group to power the Faceless proxy service. The botnet, in operation since 2014, has grown to 40,000 bots from 88 countries. Researchers urge network defenders to watch for attacks on …

Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks

January 17, 2024 at 01:30PM
Microsoft has uncovered a sophisticated spear-phishing campaign by the ‘Mint Sandstorm’ hackers, associated with Iran’s military intelligence. The attacks target high-profile individuals in Middle Eastern affairs, using impersonation of journalists and benign emails to build trust before delivering malicious content. The hackers utilize compromised accounts to send phishing lures and …

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

January 10, 2024 at 08:03PM
Volexity warned of Chinese hackers exploiting zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure VPN. It affected fully patched appliances, with pre-patch mitigations provided. The attackers used these exploits to execute commands, steal data, and gain access to network systems. Volexity discovered and described the attacker’s methods. From the …

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet

December 13, 2023 at 12:24PM
Malware hunters in the US have uncovered a resilient botnet built from outdated SOHO routers, serving as a covert data transfer network for the Chinese government-backed hacker group Volt Typhoon. The botnet spans various sectors, including critical infrastructure organizations. Black Lotus Labs plans to release detailed technical analysis of the threat, …

Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw

October 18, 2023 at 01:48PM
Google’s Threat Analysis Group has found that government-backed hacking groups from Russia and China are still using a security flaw in the WinRAR file archiving utility, despite patches being released three months ago. The vulnerability, which allows attackers to execute code, has been known since at least April and is …