Malware

Pierluigi Paganini September 06, 2024
Russia-linked GRU Unit 29155 targeted critical infrastructure globally

The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. These operations include espionage, sabotage, and reputational damage. The United States and its […]

Pierluigi Paganini September 05, 2024
Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted […]

Pierluigi Paganini September 02, 2024
Lockbit gang claims the attack on the Toronto District School Board (TDSB)

The Toronto District School Board (TDSB) confirmed that student information was compromised in the June Lockbit ransomware attack. The Toronto District School Board (TDSB) confirmed that students’ information was compromised following a ransomware attack that was discovered in June.  The TDSB is the largest school board in Canada with 582 schools and about 235,000 students. In […]

Pierluigi Paganini September 02, 2024
A new variant of Cicada ransomware targets VMware ESXi systems

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The group appears to be very active and already listed 23 victims on its extortion portal since mid-June. The following image shows the […]

Pierluigi Paganini September 01, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules Malware infiltrates Pidgin messenger’s official plugin repository HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat   BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities […]

Pierluigi Paganini August 30, 2024
Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527  (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote […]

Pierluigi Paganini August 30, 2024
Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes). using exploits previously used by surveillance software vendors NSO Group and Intellexa. The circumstance suggests that the nation-state actors […]

Pierluigi Paganini August 29, 2024
Corona Mirai botnet spreads via AVTECH CCTV zero-day 

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and multiple previously known vulnerabilities. Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. The flaw is a command injection issue […]

Pierluigi Paganini August 29, 2024
Iran-linked group APT33 adds new Tickler malware to its arsenal

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. Microsoft researchers reported that the Iran-linked cyberespionage group APT33  (aka Peach Sandstorm, Holmium, Elfin, Refined Kitten, and Magic Hound) used new custom multi-stage backdoor called Tickler to compromise organizations in sectors such as government, defense, satellite, oil, and gas […]

Pierluigi Paganini August 28, 2024
Young Consulting data breach impacts 954,177 individuals

A ransomware attack by the BlackSuit group on Young Consulting compromised the personal information of over 950,000 individuals. Software solutions provider Young Consulting disclosed a data breach impacting 950,000 individuals following a BlackSuit ransomware attack. On April 13 the company “became aware of technical difficulties” that impacted its infrastructure. Attackers gained access to the company […]