Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

November 22, 2024 at 07:12AM

Russian-linked threat group TAG-110 has been conducting a cyber espionage campaign targeting Central Asia, East Asia, and Europe, utilizing custom malware HATVIBE and CHERRYSPY. The campaign, focused on government and educational institutions, aims to gather intelligence to support Russia’s geopolitical interests, particularly in post-Soviet states.

**Meeting Takeaways – Cyber Espionage …**

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

November 22, 2024 at 07:02AM

A Russia-linked cyberespionage group, TAG-110, has targeted over 60 victims across Asia and Europe, mainly in government and education, since at least 2021. Utilizing malware like HatVibe and CherrySpy, the group’s activities align with Russian geopolitical interests, particularly in Central Asia, impacting multiple sectors and national institutions.

### Meeting Takeaways …

The Urgent And Critical Need To Prioritize Mobile Security

November 19, 2024 at 09:54AM

SecurityWeek offers extensive resources on cybersecurity, including news, webcasts, and virtual events. Key topics include malware, cybercrime, ransomware, and risk management. They also host ICS Cybersecurity Conferences, provide funding insights, and offer a daily newsletter for updates on the latest threats and expert opinions.

**Meeting Takeaways: SecurityWeek Overview**

1. **Focus …**

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

November 18, 2024 at 05:48PM

Chinese hackers “BrazenBamboo” exploit a zero-day vulnerability in Fortinet’s FortiClient VPN using a tool called ‘DeepData’ to extract user credentials. Discovered by Volexity in July 2024, the flaw has not been patched, risking corporate networks. VPN access should be restricted until Fortinet releases a fix.

### Meeting Takeaways

1. **Zero-Day …**

Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign

November 14, 2024 at 12:53PM

Iran-linked Charming Kitten hackers are targeting the aerospace sector through a ‘dream job’ campaign using SnailResin malware, as reported by SecurityWeek.

**Meeting Takeaways:**

1. **Threat Actor:** Iranian-linked hackers known as Charming Kitten.
2. **Campaign Details:** The hackers have launched a ‘dream job’ campaign.
3. **Targeted Industry:** The aerospace sector is …

Citrix ‘Recording Manager’ Zero-Day Bug Allows Unauthenticated RCE

November 12, 2024 at 10:25AM

A zero-day vulnerability in Citrix’s Session Recording Manager permits unauthenticated remote code execution, enabling potential data theft and desktop takeover. It stems from insecure BinaryFormatter use and an exposed MSMQ service. As of now, there’s no known exploitation, but Citrix remains a prime target for cybercriminals.

**Meeting Takeaways: Citrix Session …**

New Ymir ransomware partners with RustyStealer in attacks

November 11, 2024 at 05:50PM

A new ransomware strain, ‘Ymir’, has emerged, targeting systems previously infected by RustyStealer malware. Notable for its in-memory execution and use of the ChaCha20 cipher, Ymir performs reconnaissance and avoids detection. It appends random extensions to encrypted files and displays ransom notes, signaling a rising threat in cybercrime collaboration.

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

November 8, 2024 at 09:58AM

The AndroxGh0st malware is now exploiting various security vulnerabilities in internet-facing applications while incorporating the Mozi botnet for persistent access and credential theft. This integration enhances its targeting capabilities, allowing it to infect more IoT devices and streamline operations within a shared command infrastructure.

### Meeting Takeaways – November 8, …

Android Botnet ‘ToxicPanda’ Bashes Banks Across Europe, Latin America

November 5, 2024 at 04:20PM

Researchers have identified a new banking botnet named ToxicPanda, linked to Chinese-speaking threat actors, which targets over 1,500 devices across various countries. This malware exploits Android vulnerabilities for money transfers, undermining multifactor authentication. Cleafy emphasizes the necessity for improved security measures and real-time detection to counter such threats.

### Meeting …

China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking

October 29, 2024 at 05:11PM

The China-sponsored hacking group Evasive Panda has launched CloudScout, a sophisticated toolset to exploit stolen Web session cookies and access data from cloud services like Google Drive and Gmail. This post-compromise tool evades authentication checks and illustrates the group’s advanced cyberespionage skills targeting civil society and political entities.

### Meeting …