Pierluigi Paganini
May 07, 2022
Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. The technique allows hiding a fileless Trojan, the experts also […]
Pierluigi Paganini
May 06, 2022
Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. Trend Micro researchers uncovered a sophisticated malware framework dubbed NetDooka that is distributed via a pay-per-install (PPI) service known as PrivateLoader and includes multiple components, including a loader, a dropper, a protection driver, and a full-featured remote […]
Pierluigi Paganini
May 06, 2022
Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]
Pierluigi Paganini
May 04, 2022
A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers from Cybereason uncovered a sophisticated cyberespionage campaign, dubbed Operation CuckooBees, aimed at stealing intellectual property from the victims. The campaign flew under the radar since at least 2019, it was attributed by the experts to […]
Pierluigi Paganini
May 04, 2022
Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on financial institutions, experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen at hundreds of million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […]
Pierluigi Paganini
May 04, 2022
A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John Page aka (hyp3rlinx) discovered that malware from multiple ransomware operations, including Conti, REvil, LockBit, AvosLocker, and Black Basta, are affected by flaws that could be exploited block file encryption. Page shared its findings through its […]
Pierluigi Paganini
May 03, 2022
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. Once gained initial access to the target systems, […]
Pierluigi Paganini
May 02, 2022
The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware operation shut down in October 2021, in January the Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS […]
Pierluigi Paganini
May 02, 2022
Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers from Mandiant have spotted a spear-phishing campaign, launched by the Russia-linked APT29 group, on targeting diplomats and government entities. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least 2014, […]
Pierluigi Paganini
April 30, 2022
Emotet operators are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The operators of the infamous Emotet botnet are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The threat actors are adopting the […]
