Earth Preta Evolves its Attacks with New Malware and Strategies

September 9, 2024 at 03:44AM Earth Preta has enhanced its attacks by incorporating new malware and strategies, such as the propagation of PUBLOAD via a variant of the worm HIUPAN. Additional tools like FDMTP and PTSOCKET are utilized to extend control and data exfiltration capabilities. These attacks are highly targeted and time-sensitive, focusing on specific …

IRGC-Linked Hackers Package Modular Malware in Monolithic Trojan

August 20, 2024 at 05:06AM State-level Iranian APT TA453 (aka APT42) recently executed a phishing attack by posing as the research director of ISW and engaging with an Israeli rabbi. They delivered a new monolithic PowerShell Trojan, “AnvilEcho,” bundling their previous espionage tools into a single script. This change aims to reduce malware download size …

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

January 3, 2024 at 06:08AM Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity …