0 Comments
ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT)
0 Comments
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an “aggressive” hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved
0 Comments
The White House’s goal of bolstering the cyber resilience of critical infrastructure is being threatened by US federal agencies’ lack of oversight of ransomware protections, according to a new Government Accountability Office (GAO) report. The GAO noted that some agencies only assess the adoption of basic cybersecurity protections and general guidance in critical sectors like
0 Comments
Feb 01, 2024NewsroomCyber Attack / Botnet The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. “The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications
0 Comments
Pawn Storm, an advanced persistent threat (APT) actor also known as APT28, has been targeting high-value entities globally, employing a range of techniques since at least 2004.  Despite relying on seemingly outdated methods like decade-old phishing campaigns, the group continues to compromise thousands of email accounts.  According to an advisory published today by Trend Micro
0 Comments
ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to
0 Comments
Jan 31, 2024NewsroomSoftware Security / Linux Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
0 Comments
Digital Security In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike Andy Garth 29 Jan 2024  •  , 4 min. read For thousands of years, nations have engaged in espionage, spying on their neighbors, allies, and adversaries. Traditionally, this realm of
0 Comments
Security researchers have recently uncovered a new variant of the notorious Phobos ransomware family named FAUST.  Phobos, which first emerged in 2019, encrypts files on victims’ computers and demands a ransom in cryptocurrency for the decryption key.  According to an advisory published by FortiGuard Labs last Thursday, the FAUST variant was found in an Office document
0 Comments
Jan 26, 2024NewsroomMalvertising / Phishing-as-a-service Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes’
0 Comments
New evidence shows that Iran’s intelligence and military services are associated with cyber activities targeting Western countries through their network of contracting companies. A string of multi-year leaks and doxxing efforts led by anti-Iranian government hacktivists and dissident networks has uncovered an intricate web of entities associated with the Islamic Revolutionary Guard Corps (IRGC) involved
0 Comments
Video The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK 26 Jan 2024 This week, ESET researchers released their findings about an attack where a previously unknown threat actor deployed a sophisticated multistage implant, which ESET named NSPX30, through adversary-in-the-middle
0 Comments
Jan 27, 2024NewsroomMalware / Software Update Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active
0 Comments
Ukrainian security services have arrested a hacker for allegedly targeting government websites and providing intelligence to Russia to carry out missile strikes on the city of Kharkiv. Security Service of Ukraine (SSU) revealed that its cyber unit has identified the individual, who it accused of following instructions from Russia’s intelligence service, the FSB. Hacker Spied
0 Comments
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and
0 Comments
ESET researchers have recently unveiled a highly sophisticated implant known as NSPX30, which has been linked to a newly identified Advanced Persistent Threat (APT) group named Blackwood. The findings, detailed in a Wednesday publication on the ESET blog, indicate that Blackwood has been actively engaged in cyber-espionage since at least 2018. From a technical standpoint,
0 Comments
ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software. Key points in
0 Comments
Jan 25, 2024NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” Kroll said in an analysis
0 Comments
Security researchers have observed a notable surge in dark web discussions regarding the illicit use of ChatGPT and other Large Language Models (LLMs), according to findings from Kaspersky’s Digital Footprint Intelligence service in 2023.  Nearly 3000 dark web posts were identified, focusing on a spectrum of cyber-threats, from creating malicious chatbot versions to exploring alternative
0 Comments
Jan 24, 2024NewsroomCloud Security / Kubernetes Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters
0 Comments
Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems.  These packages, identified earlier this month, have since been removed from npm. According to a ReversingLabs report published today, this discovery highlights an ongoing trend of cybercriminals
0 Comments
The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive “criminal affiliate program,” new findings from Infoblox reveal. The latest development demonstrates the “breadth of their activities and depth of their connections within the cybercrime industry,” the company said, describing