Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

June 19, 2024 at 03:17AM

The Void Arachne campaign targets Chinese-speaking users with malicious Windows Installer (MSI) files that bundle legitimate software with malicious Winos payloads. The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as AI voice and facial technologies. The threat actors use SEO poisoning tactics …

WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access

June 11, 2024 at 12:37PM

A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it …

CrushFTP warns users to patch exploited zero-day “immediately”

April 19, 2024 at 06:36PM

CrushFTP issued a private memo warning about an actively exploited zero-day vulnerability. It enables attackers to escape the user's virtual file system (VFS) and download system files. While servers placed behind a DMZ perimeter network are protected, customers are urged to patch immediately. The vulnerability, reported on April 19th, affects CrushFTP versions 9 …

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

March 18, 2024 at 04:58AM

An APT campaign named Earth Krahang targets government entities worldwide, with a focus on Southeast Asia but also reaching Europe, America, and Africa. Using public-facing servers and spear-phishing emails, the threat actor aims to conduct cyberespionage by abusing compromised government infrastructure. The campaign involves …

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

February 26, 2024 at 01:39AM

Earth Lusca, a China-linked threat actor, launched a campaign targeting Taiwan before the national elections, using geopolitical relations as a lure to infect selected targets. The attacks involved spear phishing and a multi-stage infection chain, ultimately deploying a stageless Cobalt Strike payload. There are significant overlaps between the tools used …

Earth Preta Campaign Uses DOPLUGS to Target Asia

February 20, 2024 at 04:37AM

Earth Preta's APT campaign, using a customized PlugX variant named DOPLUGS, targeted Asian countries including Taiwan and Vietnam. Phishing emails embedded with Google Drive links were used for initial access, leading to execution of the DOPLUGS malware. The DOPLUGS variant was found to integrate the KillSomeOne module for malware distribution and USB infection. …

‘BlazeStealer’ Python Malware Allows Complete Takeover of Developer Machines

November 9, 2023 at 06:16PM

Malicious Python packages masquerading as code obfuscation tools are targeting developers through the PyPI code repository. Known as "BlazeStealer," the malware can steal data, launch keyloggers, encrypt files, and execute commands. Attackers target developers engaged in code obfuscation because of the valuable and sensitive information they work with. BlazeStealer is …