This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

December 5, 2024 at 11:15AM A new Android remote access trojan (RAT) called DroidBot targets 77 banking institutions and organizations. Disguised as security apps, it utilizes keylogging and UI monitoring. Active since June 2024, it operates on a Malware-as-a-Service model, with affiliates customizing the malware for attacks predominantly across Europe. ### Meeting Takeaways – December … Read more

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

December 5, 2024 at 06:24AM A suspected Chinese threat actor targeted a large U.S. organization between April and August 2024, compromising multiple computers and potentially exfiltrating email data. The attack used tactics, such as DLL side-loading and open-source tools. Previous links to another Chinese hacking group were also noted. Specific intrusion details remain unclear. **Meeting … Read more

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 5, 2024 at 03:48AM The Russian cyber-espionage group Turla is hijacking the infrastructure of Pakistani threat actor Storm-0156 to conduct covert attacks on compromised networks, particularly targeting Afghan and Indian government entities. This tactic, observed since late 2022, allows Turla to stealthily deploy malware while complicating attribution efforts. **Meeting Takeaways** 1. **Turla’s Activities:** – … Read more

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

December 5, 2024 at 03:30AM The China-linked group MirrorFace has launched a spear-phishing campaign targeting individuals in Japan since June 2024, delivering backdoors NOOPDOOR and ANEL. This marks the return of ANEL, previously used by APT10. The attacks leverage malicious OneDrive links and various infection vectors, focusing on national security and international relations themes. ### … Read more

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

December 5, 2024 at 02:38AM Trend Micro researchers uncovered the Earth Minotaur group utilizing the MOONSHINE exploit kit, targeting vulnerabilities in instant messaging apps, particularly against Tibetan and Uyghur communities. They discovered an Android backdoor, DarkNimbus, which also runs on Windows. MOONSHINE has evolved since 2019, with over 55 identified servers by 2024. ### Meeting … Read more

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

December 5, 2024 at 01:18AM The U.S. CISA has added several vulnerabilities to its KEV catalog, including severe issues in Zyxel and I-O DATA products, with active exploitation reported. Recommendations for remediation by December 25, 2024, are urged for federal agencies. Meanwhile, I-O DATA advises users to enhance security until patches are released. **Meeting Takeaways … Read more

Russian FSB Hackers Breach Pakistan’s APT Storm-0156

December 4, 2024 at 05:31PM Russian hackers, known as Secret Blizzard, have infiltrated a Pakistani hacker group, Storm-0156, to access sensitive information from Afghan and Indian military targets. By leveraging Storm-0156’s tools and infrastructure, they employed diverse tactics for espionage, showcasing a unique trend of threat actors hacking fellow cybercriminals to gain operational advantages. **Meeting … Read more

Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

December 4, 2024 at 12:54PM The Russia-linked APT group Turla has infiltrated the command-and-control servers of the Pakistan-based Storm-0156 hacking group since December 2022. Turla utilizes this access to deploy custom malware against Afghan government networks, demonstrating a tactic of leveraging others’ infrastructure for intelligence gathering, complicating attribution and enhancing their operational reach. ### Meeting … Read more

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 4, 2024 at 12:11PM The Russian cyber-espionage group Turla is infiltrating the infrastructure of the Pakistani threat actor Storm-0156, using its compromised networks for covert attacks since late 2022. This strategy allows Turla to stealthily gather intelligence while complicating attribution efforts, leveraging previously breached targets, including Afghan governmental entities. **Meeting Notes Takeaways:** 1. **Turla’s … Read more

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

December 4, 2024 at 02:15AM A joint advisory from Australia, Canada, New Zealand, and the U.S. warns of a Chinese cyber espionage campaign targeting telecommunications. The group, known as Salt Typhoon, has been active since 2020, with ongoing intrusions. Cybersecurity guidance emphasizes strengthening network defenses to mitigate associated risks amid escalating U.S.-China trade tensions. **Meeting … Read more