Tag: group
-
ANEL Backdoor Reactivated in Earth Kasha Cyber-Espionage Campaign
In June 2024, Trend Micro identified a new spear-phishing campaign targeting political organizations, research institutions, and think tanks in Japan. This operation, attributed to the cyber-espionage group Earth Kasha, marks... First seen on securityonline.info. Jump to article: securityonline.info/anel-backdoor-reactivated-in-earth-kasha-cyber-espionage-campaign/
-
Ransomware Groups Targeting VPNs for Initial Access: Report
First seen on scworld.com. Jump to article: www.scworld.com/news/ransomware-groups-targeting-vpns-for-initial-access-report
-
Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploit
Tags: access, antivirus, apt, attack, backdoor, browser, business, computer, cve, cybercrime, cyberespionage, defense, endpoint, exploit, flaw, germany, government, group, insurance, intelligence, malicious, microsoft, msp, password, powershell, russia, software, threat, ukraine, vulnerability, windows, zero-day
A Russia-aligned group that engages in both cybercrime and cyberespionage operations used a zero-click exploit chain last month that combined previously unknown and unpatched vulnerabilities in Firefox and Windows. The campaign, whose goal was to deploy the group’s RomCom backdoor on computers, targeted users from Europe and North America. The APT group, also known as Storm-0978,…
-
Attack Group APT-C-60 Targets Japan Using Trusted Platforms
APT-C-60 targets Japan with phishing emails, using a job application ruse and delivering malware via Google Drive. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/aptc60-targets-japan-using-trusted/
-
Appeals court tosses sanctions on Tornado Cash crypto mixer
The mixer was sanctioned after a North Korea hacking group used the software to launder more than $455 million. First seen on cyberscoop.com. Jump to article: cyberscoop.com/tornado-cash-sanctions-overturned-lazarus-group/
-
Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor
Watch out for the Russian hackers from the infamous RomCom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor. First seen on hackread.com. Jump to article: hackread.com/russian-hackers-firefox-windows-0-days-backdoor/
-
Lazarus Hackers Exploit macOS Extended Attributes To Evade Detection
The xattr command in Unix-like systems allows hidden metadata to be embedded within files, similar to Windows ADS; in a technique known as RustyAttr, this capability is being exploited by threat actors such as the Lazarus Group to stealthily conceal malicious payloads within seemingly benign files. The Lazarus Group is covertly embedding malicious data within system files using xattr, a…
-
INTERPOL Arrests 1,000 and Dismantles Cybercrime Networks Across Africa
Group-IB collaborated with INTERPOL and AFRIPOL in a major crackdown on cybercrime in Africa for "Operation Serengeti."
-
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled
A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities, one in Mozilla Firefox and another in Microsoft Windows Task Scheduler. These vulnerabilities, identified as CVE-2024-9680 and CVE-2024-49039, were chained together to allow the group to execute arbitrary code and install malicious backdoors on…
-
Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/romcom-apt-zeroday-flaws-firefox/
-
Russian group RomCom exploited Firefox and Tor Browser zero-days in attacks targeting Europe and North America
The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America. Russian-based cybercrime group RomCom (aka UAT-5647, Storm-0978, Tropical Scorpius, UAC-0180, UNC2596) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across Europe and North America. The first zero-day exploited by the Russian group is a use-after-free…
-
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPN Servers
In a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEmperor, has emerged as a significant... First seen on securityonline.info. Jump to article: securityonline.info/cve-2024-21887-and-more-how-earth-estries-apt-group-exploits-vpns-servers/
-
Russian Hackers Target Mozilla, Windows in New Exploit Chain
ESET Discovers Two Major Vulnerabilities Exploited by Russian RomCom Hacking Group. Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from ESET. Exploiting the two flaws together enables attackers to execute arbitrary code. First seen on govinfosecurity.com. Jump…
-
RomCom Hackers Exploit Windows and Firefox Zero-Days in Advanced Cyberattacks
In a new wave of cyberattacks, the Russia-aligned hacking group "RomCom"… The compromise chain is composed of a […] First seen on gbhackers.com. Jump to article: gbhackers.com/romcom-hackers-exploits-windows-firefox-zero-day/
-
Russian-Speaking Ransomware Gangs on the Hunt for Pen Testers
In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations. First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/russian-ransomware-gangs-hunt-pen-testers
-
Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs
Tags: apt, attack, backdoor, china, control, cyber, exploit, government, group, hacker, infrastructure, rat, tool, vulnerability
Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and government entities since 2023. They employ advanced techniques, including exploiting vulnerabilities, lateral movement, and deploying multiple backdoors like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, which have impacted Southeast Asia significantly. The group makes use of a sophisticated command and control infrastructure…
-
British hospital group declares ‘major incident’ following cyberattack
First seen on therecord.media. Jump to article: therecord.media/england-hospitals-cyberattack-nhs-wirral
-
Aggressive Chinese APT Group Targets Governments with New Backdoors
A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/chinese-apt-governments-backdoors/
-
Firefox and Windows zero-days exploited by Russian RomCom hackers
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/
-
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed First…
-
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
-
Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks
CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond, LockBit, and Chaos to launch DDoS and ransomware attacks against targets opposing Russian interests. The highly skilled members of the group modify and improve these tools, which results in an increase in their level of sophistication and makes it more…
-
9 VPN alternatives for securing remote network access
Tags: access, ai, api, attack, authentication, automation, best-practice, business, cloud, compliance, computer, computing, control, corporate, credentials, cve, cybercrime, cybersecurity, data, defense, detection, dns, encryption, endpoint, exploit, firewall, fortinet, group, guide, Hardware, iam, identity, infrastructure, Internet, iot, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, office, password, ransomware, risk, router, saas, service, software, strategy, switch, threat, tool, update, vpn, vulnerability, vulnerability-management, waf, zero-trust
Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, large numbers…
-
Infostealers VietCredCare and DuckTail Fuel Facebook Business Account Exploitation
Vietnam has become a hotspot for malicious operations targeting Facebook Business accounts, with threat actors leveraging infostealers like VietCredCare and DuckTail. According to a report from Group-IB, these malware families... First seen on securityonline.info. Jump to article: securityonline.info/infostealers-vietcredcare-and-ducktail-fuel-facebook-business-account-exploitation/
-
Unveiling the "Nearest Neighbor Attack": A Russian APT's Covert Tactic to Weaponize Wi-Fi
Volexity, a leading cybersecurity firm, has revealed a novel attack technique employed by the Russian APT group GruesomeLarch (also known as APT28, Fancy Bear, etc.). Dubbed the "Nearest Neighbor Attack,"
-
Thai police arrested Chinese hackers involved in SMS blaster attacks
Thai authorities arrested fraud gangs in Bangkok for SMS blaster attacks; they used fake cell towers to send thousands of malicious SMS messages to nearby phones. Thai authorities arrested members of two Chinese cybercrime organizations, one of which carried out SMS blaster attacks. The crooks were driving through Bangkok’s streets while sending hundreds of…
-
Mysterious Elephant Using Hajj-Themed Bait in Attacks
Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage-Goers. A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into opening a malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML…
-
Zyxel firewalls targeted in recent ransomware attacks
Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. Remote, unauthenticated attackers could exploit the flaw to execute OS commands…
-
Russian Hackers Exploit WiFi in Sophisticated New Attack
‘Nearest Neighbor Attack’ Bypasses Cyber Defenses by Breaching WiFi Networks. A Russian cyberespionage group hacked a Washington, D.C.-based organization focused on Ukraine by deploying a new attack technique that exploits Wi-Fi connectivity, according to new research. The nearest neighbor attack methodology could lead to a significant broadening of targeting and attacks. First seen on govinfosecurity.com…