Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

September 26, 2024 at 07:51AM

French cybersecurity firm Sekoia discovered a long-running cyber espionage campaign, dubbed SilentSelfie, targeting Kurdish websites. The attacks aimed to steal sensitive information using a watering hole technique and various information-stealing frameworks. The campaign, of low sophistication, affected multiple Kurdish sites, indicating a new threat targeting the Kurdish community. The attackers’ …

French police push PlugX malware self-destruct payload to clean PCs

July 25, 2024 at 11:26AM

French police, with support from Europol and security firm Sekoia, are removing the PlugX malware from infected devices in France and other European countries. The operation, prompted by concern over the upcoming Paris 2024 Olympic Games, started on July 18, 2024, and is expected to continue until late 2024. ANSSI …

Spain arrests three for using DDoSia hacktivist platform

July 22, 2024 at 09:18AM

Spanish authorities arrested three individuals for using the DDoSia platform to carry out DDoS attacks against governments and organizations in NATO countries. The hacktivists’ arrests in Seville, Huelva, and Manacor led to the seizure of computer equipment. Despite this, the group continued its attacks in the EU. Spanish law enforcement …

Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses

April 26, 2024 at 10:18AM

Sekoia reports that over 90,000 unique IP addresses are still infected with a self-spreading PlugX worm variant, attributed to a China-linked threat actor. The malware spreads through infected USB drives, creating potential risks for data exfiltration and surveillance, especially in regions strategically important to China’s Belt and Road Initiative. Sekoia …

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

February 23, 2024 at 12:45PM

A dormant package on PyPI, django-log-tracker, was updated after two years to introduce the Nova Sentinel information stealer malware. The update, detected on Feb 21, 2024, suggests a compromise of the PyPI account. The malicious update contained an executable file for the malware. The attack was an attempted supply-chain attack …