Malware

Pierluigi Paganini August 13, 2024
CERT-UA warns of a phishing campaign targeting government entities

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. The campaign, tracked as UAC-0198, has been active since July. Threat actors sent out […]

Pierluigi Paganini August 12, 2024
EastWind campaign targets Russian organizations with sophisticated backdoors

A campaign tracked as EastWind is targeting Russian government and IT organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. Kaspersky named this campaign has EastWind. Threat actors sent phishing emails with RAR archive attachments containing a Windows shortcut […]

Pierluigi Paganini August 11, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Surge in Magniber ransomware attacks impact home users worldwide BlankBot – a new Android banking trojan with screen recording, keylogging and remote control capabilities   LianSpy: new Android spyware targeting Russian users   Cloud Cover: How Malicious Actors […]

Pierluigi Paganini August 10, 2024
Is the INC ransomware gang behind the attack on McLaren hospitals?

A INC Ransom ransomware attack this week disrupted IT and phone systems at McLaren Health Care hospitals. On Tuesday, an INC Ransom ransomware attack hit the McLaren Health Care hospitals and disrupted their IT and phone systems. The organizations did not disclose details about the attack, however Bleeping Computer noticed that employees at McLaren Bay […]

Pierluigi Paganini August 10, 2024
Crooks took control of a cow milking robot causing the death of a cow

Crooks took control of a cow milking robot and demanded a ransom from a farmer who refused to pay it, resulting in the death of a cow. An extortion attempt had a tragic outcome, cybercriminals took control of a cow milking robot and demanded a ransom from a farmer, but he did not pay, resulting […]

Pierluigi Paganini August 08, 2024
Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a technologically advanced not-for-profit healthcare system with nearly 4,000 employees and a medical staff of more than 450 physicians and 200 advanced practice clinicians. Bayhealth Medical Center, serving central and southern Delaware, […]

Pierluigi Paganini August 07, 2024
New Android spyware LianSpy relies on Yandex Cloud to avoid detection

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The […]

Pierluigi Paganini August 06, 2024
A ransomware attack hit French museum network

The Réunion des Musées Nationaux network, including Paris’ Grand Palais and other museums, was hit by a ransomware attack. A ransomware attack hit the Réunion des Musées Nationaux network, including Paris’ Grand Palais and other museums. The attack impacted around 40 museums across France. The attack occurred on Sunday, and despite some affected venues are […]

Pierluigi Paganini August 06, 2024
North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Korea’s national security and intelligence agencies, including the National Intelligence Service, the Prosecutor’s Office, the Police Agency, the Military Intelligence Command, and the Cyber Operations Command, have issued a joint cybersecurity advisory to warn that […]

Pierluigi Paganini August 05, 2024
China-linked APT41 breached Taiwanese research institute

China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group. The campaign started as early as July 2023 and threat actors delivered the ShadowPad malware, Cobalt […]