Pierluigi Paganini
August 28, 2023
Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. KmsdBot is an evasive Golang-based malware that was first detected by […]
Pierluigi Paganini
August 27, 2023
The leak of the source code of the LockBit 3.0 ransomware builder in 2022 allowed threat actors to create new variants of the threat. Lockbit v3, aka Lockbit Black, was detected in June 2022, but in September 2022 a builder for this variant was leaked online. The availability of the builder allowed anyone to create their own […]
Pierluigi Paganini
August 25, 2023
Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon. Secureworks Counter Threat Unit (CTU) researchers observed the Smoke Loader botnet dropping a new Wi-Fi scanning malware named Whiffy Recon. The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s […]
Pierluigi Paganini
August 24, 2023
The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations. The state-sponsored hackers targeted entities […]
Pierluigi Paganini
August 23, 2023
A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. […]
Pierluigi Paganini
August 22, 2023
The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the […]
Pierluigi Paganini
August 22, 2023
Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. The Snatch ransomware group added the Department of Defence South Africa to its data leak site. The mission of the Department of Defence is to provide, manage, prepare and employ defence capabilities commensurate with the […]
Pierluigi Paganini
August 21, 2023
The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that […]
Pierluigi Paganini
August 21, 2023
HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices globally. Threat actors leveraged edge routers, or “living on the edge” access, to passively collect […]
Pierluigi Paganini
August 19, 2023
Threat actors are using Android Package (APK) files with unsupported compression methods to prevent malware analysis. On June 28th, researchers from Zimperium zLab researchers observed that Joe Sandbox announced the availability of an Android APK that could not be analyzed from most of the anti-decompilation tools. The APT could be installed on Android devices running […]
