Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group. Security experts from Intezer discovered a new backdoor, dubbed SysJoker, that is able to infect Windows, macOS, and Linux systems. The experts spotted a Linux variant of the backdoor in December while investigating an attack against […]
US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)—authored […]
Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor. Iran-linked APT35 cyberespionege group (aka ‘Charming Kitten‘ or ‘Phosphorus‘) has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor, Check Point researchers states. The experts also details the use of a modular PowerShell-based framework dubbed CharmPower, that allows […]
The India-linked threat actor Patchwork infected one of their own computers with its RAT revealing its operations to researchers. An India-linked threat actor, tracked as Patchwork (aka Dropping Elephant), employed a new variant of the BADNEWS backdoor, dubbed Ragnatela (“spider web” in Italian), in a recent campaign. However, the group made the headlines after infecting […]
North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year’s […]
North Korea-linked threat actors are behind some of the largest cyberattacks against cryptocurrency exchanges. North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South Korean media outlet Chosun, North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple […]
A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems. iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. The […]
China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j […]
China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. According to a report by NTT Security, Flagpro has […]
Researchers analyzed the DoubleFeature logging tool of DanderSpritz Framework that was used by the Equation Group APT group. Check Point researchers have published a detailed analysis of the DoubleFeature tool used to log post-exploitation activities in attacks conducted by the Equation Group and involving the DanderSpritz malware framework. DanderSpritz made the headlines on April 14, […]