Malware

Pierluigi Paganini June 28, 2024
US announces a $10M reward for Russia’s GRU hacker behind attacks on Ukraine

The US DoJ announced charges against a member of Russia’s military intelligence service GRU for conducting wiper attacks on Ukraine in 2022. The US Department of Justice (DoJ) announced charges against Russian national Amin Timovich Stigal, who is a member of Russia’s military intelligence service GRU, for conducting wiper attacks on Ukraine in 2022. The […]

Pierluigi Paganini June 27, 2024
LockBit group falsely claimed the hack of the Federal Reserve

The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank. The LockBit ransomware group hasn’t hacked the Federal Reserve as it has recently claimed, the real victim is the Evolve Bank. Last week, the LockBit gang announced that it had […]

Pierluigi Paganini June 27, 2024
New P2Pinfect version delivers miners and ransomware on Redis servers

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads. Cado Security researchers warned that the P2Pinfect worm is employed in attacks against Redis servers, aimed at deploying both ransomware and cryptocurrency mining payloads. In July 2023, Palo Alto Networks Unit 42 researchers first discovered the P2P worm P2PInfect that targets Redis servers […]

Pierluigi Paganini June 26, 2024
New Caesar Cipher Skimmer targets popular CMS used by e-stores

A new e-skimmer called Caesar Cipher Skimmer is used to compromise multiple CMS, including WordPress, Magento, and OpenCart. Sucuri researchers discovered a new e-skimmer, called Caesar Cipher Skimmer, that was used in recent weeks to target users of e-stores based on popular CMS, including WordPress, Magento, and OpenCart. Over the past several weeks, the experts […]

Pierluigi Paganini June 25, 2024
Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Researchers warn that a Mirai-based botnet is exploiting a recently disclosed critical vulnerability in EoL Zyxel NAS devices. Researchers at the Shadowserver Foundation warn that a Mirai-based botnet has started exploiting a recently disclosed vulnerability tracked as CVE-2024-29973 (CVSS score 9.8) in end-of-life NAS devices Zyxel NAS products. The flaw is a command injection vulnerability […]

Pierluigi Paganini June 24, 2024
Experts observed approximately 120 malicious campaigns using the Rafel RAT

Multiple threat actors are using an open-source Android remote administration tool called Rafel RAT to target Android Devices. Check Point Research identified multiple threat actors using Rafel, an open-source remote administration tool (RAT). The researchers spotted an espionage group using Rafel, highlighting the tool’s effectiveness across different threat profiles and goals. Previously, Check Point observed the cyber […]

Pierluigi Paganini June 24, 2024
LockBit claims the hack of the US Federal Reserve

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the […]

Pierluigi Paganini June 24, 2024
Ransomware threat landscape Jan-Apr 2024: insights and challenges

Between Jan and Apr 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide. In the first four months of 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide, including 55 in Italy. These findings, sourced from the Ransomfeed platform, shed light on the geographical distribution […]

Pierluigi Paganini June 24, 2024
ExCobalt Cybercrime group targets Russian organizations in multiple sectors

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed. Members of the ExCobalt group have been active since at least 2016, […]

Pierluigi Paganini June 22, 2024
Experts found a bug in the Linux version of RansomHub ransomware

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. Although RansomHub only emerged in February 2024, it has rapidly grown and has become the fourth most prolific ransomware operator over […]