‘Sticky Werewolf’ APT Stalks Aviation Sector

June 7, 2024 at 12:14PM A threat actor known as “Sticky Werewolf” is targeting organizations in Russia’s aviation industry, with a focus on espionage related to the Russia-Ukraine conflict. The group has evolved its infection methods to include complex phishing emails and multi-stage malware, aiming to gain access to sensitive information and facilitate data exfiltration. …

Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

May 31, 2024 at 02:07PM Between October 25-27, 2023, a cyber attack dubbed Pumpkin Eclipse bricked over 600,000 SOHO routers from a U.S. ISP, impacting access to the internet. Months later, analysis revealed the Chalubo RAT’s involvement. The attack targeted a single ASN, utilizing Lua functionality and exploiting weak credentials, raising questions about its purpose …

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, …

Global Cybercriminal Duo Face Imprisonment After Hive RAT Scheme

April 16, 2024 at 02:27PM The FBI arrested Edmond Chakhmakhchyan on federal charges for attempting to market and sell malware, providing unauthorized control over a victim’s device. Pleading not guilty, he’s due to stand trial on June 4. Chakhmakhchyan had struck a deal with the malware’s creator to advertise the Hive remote access Trojan (RAT) and …

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

April 16, 2024 at 04:27AM Two individuals were arrested in Australia and the U.S. for their involvement in developing and distributing the remote access trojan Hive RAT. Edmond Chakhmakhchyan, also known as “Corruption,” from Los Angeles, was charged with selling the malware and faces conspiracy and device advertising charges. Additionally, Charles O. Parks III was …

New SteganoAmor attacks use steganography to target 320 orgs globally

April 15, 2024 at 04:36PM TA558 hacking group’s “SteganoAmor” campaign uses steganography to conceal and deliver various malware tools, targeting hospitality and tourism organizations worldwide. The campaign involves sending malicious emails with document attachments exploiting a Microsoft Office vulnerability. This leads to the download of various malware families, including spyware, info-stealers, RATs, and downloaders. Over …

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

April 8, 2024 at 05:15AM A new phishing campaign targets Latin American users by sending a phishing email with a ZIP file attachment containing a malicious HTML file posing as an invoice. When the link in the HTML file is opened from a Mexican IP address, a CAPTCHA verification page opens, leading to a malicious …

Visa warns of new JSOutProx malware variant targeting financial orgs

April 4, 2024 at 07:03PM Visa issued a security alert warning about increased detections of the JsOutProx malware targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The malware provides remote access and can execute various malicious activities. Mitigation actions and indicators of compromise were recommended, and the campaign involved phishing …

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

March 19, 2024 at 02:15AM A new phishing campaign dubbed Operation PhantomBlu is using a sophisticated technique to deploy NetSupport RAT, targeting U.S. organizations with salary-themed phishing emails and exploiting Microsoft Office document templates. Additionally, threat actors are increasingly abusing public cloud services and data-hosting platforms to generate undetectable phishing URLs, sold on underground platforms. …

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

March 11, 2024 at 02:45AM Magnet Goblin, a financially motivated threat actor, rapidly exploits newly disclosed vulnerabilities to breach public-facing servers and edge devices. The group deploys malware, including a remote access trojan (RAT) called Nerbian and MiniNerbian, to execute arbitrary commands and steal credentials. Their campaigns are financially motivated and target areas previously left …