backdoor Archives - Page 7 of 23

Pierluigi Paganini January 21, 2021

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Microsoft’s report provides details of the entire SolarWinds attack chain with a deep dive in the second-stage activation of malware and tools. Microsoft published a new report that includes additional details of the SolarWinds supply chain attack. The new analysis shad lights on the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. […]

Pierluigi Paganini January 19, 2021

Raindrop, a fourth malware employed in SolarWinds attacks

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds […]

Pierluigi Paganini January 15, 2021

Winnti APT continues to target game developers in Russia and abroad

A Chinese Threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. Experts attribute the attacks to the China-linked Winnti APT group (aka APT41) […]

Pierluigi Paganini January 11, 2021

Connecting the dots between SolarWinds and Russia-linked Turla APT

Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. The discovery […]

Pierluigi Paganini January 06, 2021

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The vulnerability received a CVSS score of 7.8, it could be exploited by […]

Pierluigi Paganini December 25, 2020

North Korea-linked Lazarus APT targets the COVID-19 research

The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […]

Pierluigi Paganini December 22, 2020

Researchers shared the lists of victims of SolarWinds hack

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that […]

Pierluigi Paganini December 21, 2020

SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two […]

Pierluigi Paganini December 17, 2020

FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in SolarWinds supply chain attack. Last week, Russia-linked hackers breached SolarWinds, the attackers had used a trojanized […]

Pierluigi Paganini December 05, 2020

Cyber mercenaries group DeathStalker uses a new backdoor

The group of cyber mercenaries tracked as DeathStalker has been using a new PowerShell backdoor in recent attacks. The cyber mercenaries group known as DeathStalker has been using a new PowerShell backdoor in recent attacks. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, […]

backdoor

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Raindrop, a fourth malware employed in SolarWinds attacks

Winnti APT continues to target game developers in Russia and abroad

Connecting the dots between SolarWinds and Russia-linked Turla APT

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

North Korea-linked Lazarus APT targets the COVID-19 research

Researchers shared the lists of victims of SolarWinds hack

SUPERNOVA, a backdoor found while investigating SolarWinds hack

FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

Cyber mercenaries group DeathStalker uses a new backdoor

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

McLaren Health Care data breach impacted over 743,000 people

American steel giant Nucor confirms data breach in May attack

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

Qilin ransomware gang now offers a "Call Lawyer" feature to pressure victims

QUICK LINKS

backdoor

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!