Pierluigi Paganini
March 22, 2022
A new email campaign aimed at French entities leverages the Chocolatey Windows package manager to deliver the Serpent backdoor. Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor tracked as Serpent. The campaign targeted French entities in the construction, real estate, and government industries. Experts believe the attacks were […]
Pierluigi Paganini
March 22, 2022
Ukraine CERT (CERT-UA) warns of spear-phishing attacks conducted by UAC-0035 group (aka InvisiMole) on state organizations of Ukraine. The Government Team for Response to Computer Emergencies of Ukraine (CERT-UA) warns of spear-phishing messages conducted by UAC-0035 group (aka InvisiMole) against Ukrainian state bodies. The messages use an archive named “501_25_103.zip”, which contains a shortcut file. Upon opening […]
Pierluigi Paganini
March 21, 2022
A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict. Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation of the gang’s support to Russia The attack against the Conti ransomware and the data leak is retaliation […]
Pierluigi Paganini
March 21, 2022
The DirtyMoe botnet continues to evolve and now includes a module that implements wormable propagation capabilities. In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a […]
Pierluigi Paganini
March 20, 2022
This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the previous weeks: March 18 – China-linked threat actors are targeting the government of Ukraine Google’s TAG team revealed that China-linked APT groups are targeting Ukraine […]
Pierluigi Paganini
March 20, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. EU and US agencies warn that Russia could attack satellite communications networks Avoslocker ransomware […]
Pierluigi Paganini
March 19, 2022
The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. The advisory was published in coordination with the US Treasury Department and the Financial Crimes Enforcement Network […]
Pierluigi Paganini
March 19, 2022
Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation. Initial access brokers play an essential role in the cybercrime ecosystem, they provide access to previously […]
Pierluigi Paganini
March 19, 2022
Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom. In January, the FBI officially linked the Diavol ransomware operation to the infamous TrickBot […]
Pierluigi Paganini
March 18, 2022
The recently discovered Cyclops Blink botnet, which is believed to be a replacement for the VPNFilter botnet, is now targeting the ASUS routers. The recently discovered Cyclops Blink botnet is now targeting the ASUS routers, reports Trend Micro researchers. The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other […]
