Cyware Alerts - Hacker News
New GOOTLOADER Variant Evolves Further with New Obfuscation Tricks
/https://cyware-ent.s3.amazonaws.com/image_bank/02c1_shutterstock_667595752.jpg "New GOOTLOADER Variant Evolves Further with New Obfuscation Tricks - Cyware Alerts - Hacker News")
The UNC2565 hacker group appears to have restructured its GOOTLOADER (or Gootkit) malware by adding new components and implementing new obfuscation techniques. Gootkit is used by adversaries to drop additional malicious payloads, such as SunCrypt, REvil (Sodinokibi) ransomware, Kronos trojan, and C ... Read More
Ukraine Targeted via New Waves of Data Wipers, Including SwiftSlicer
/https://cyware-ent.s3.amazonaws.com/image_bank/870f_shutterstock_1954309246.jpg "Ukraine Targeted via New Waves of Data Wipers, Including SwiftSlicer - Cyware Alerts - Hacker News")
A lot has happened on the cyber front in Ukraine and Russia ever since the war began. Joining the bandwagon, on the behalf of Russian Sandworm APT, is a pack of five wiper malware, including the new Golang-based SwiftSlicer. The new wiper has been added to the VirusTotal database recently (sub ... Read More
Iranian and Russian Groups Target Organizations - Warns NCSC
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_449461888.jpg "Iranian and Russian Groups Target Organizations - Warns NCSC - Cyware Alerts - Hacker News")
The NCSC-U.K warned against ongoing spear-phishing campaigns against government entities, NGOs, think tanks, academia, and others, by Russia-based SEABORGIUM and Iran-based TA453 threat actors. SEABORGIUM and TA453 spend time researching their targets' interests and contacts to create a convin ... Read More
Cybercriminals Impersonate LockBit to Target SMBs in Northern Europe
/https://cyware-ent.s3.amazonaws.com/image_bank/90c6_shutterstock_2115048653.jpg "Cybercriminals Impersonate LockBit to Target SMBs in Northern Europe - Cyware Alerts - Hacker News")
In the wake of a significant rise in ransomware attacks, especially by the Lockbit locker group, a cybercriminals group was spotted targeting SMBs in Belgium and extorting by impersonating Lockbit. The incident highlights the threat of outdated software and systems, as extortion practices beco ... Read More
New PlugX Sample Uses Sneaky Methods, can Impact Air-gapped Systems
/https://cyware-ent.s3.amazonaws.com/image_bank/8368_shutterstock_2252599749.jpg "New PlugX Sample Uses Sneaky Methods, can Impact Air-gapped Systems - Cyware Alerts - Hacker News")
A new strain of the PlugX malware was found, which can hide malicious files on detachable USB drives and infect the Windows hosts they are connected to. The technique is stealthy and can impact air-gapped systems. Organizations are suggested to have in-depth and multi-layered security defense to pr ... Read More
Cobalt Sapling Uses Multiple Personas for Pro-Iranian Missions
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock_69113725_MEDIUM.jpg "Cobalt Sapling Uses Multiple Personas for Pro-Iranian Missions - Cyware Alerts - Hacker News")
The threat actor known as Cobalt Sapling was spotted targeting Saudi Arabia by creating a new sub-group dubbed Abraham's Ax. Researchers also found a connection between Moses Staff and Abraham's Ax. Both rely on the same custom cryptographic wiper malware for encrypting the victim’s data. To stay p ... Read More
Chinese Speaking Threat Actors Leveraging Open-Source Tools to Target East Asia
/https://cyware-ent.s3.amazonaws.com/image_bank/6977_shutterstock_596787797.jpg "Chinese Speaking Threat Actors Leveraging Open-Source Tools to Target East Asia - Cyware Alerts - Hacker News")
A series of attacks was discovered infecting organizations in East Asia with SparkRAT, originally an open source tool. TTPs of the attacks point toward the involvement of a Chinese-speaking threat actor dubbed DragonSpark. The Microsoft Security Threat Intelligence team reported about threat actors ... Read More
New Mimic Ransomware Abuses Windows' 'Everything' Search Tool
/https://cyware-ent.s3.amazonaws.com/image_bank/fce9_shutterstock_1868295205.jpg "New Mimic Ransomware Abuses Windows' 'Everything' Search Tool - Cyware Alerts - Hacker News")
Researchers at Trend Micro discovered a new ransomware strain, dubbed Mimic, that utilizes the 'Everything' file search tool on Windows to discover files to be targeted for encryption. English and Russian-speaking users are the prime targets. The ransomware supports command-line arguments to narrow ... Read More
DEV-0569 Abuses Google Ads to Breach Network
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_446035231.jpg "DEV-0569 Abuses Google Ads to Breach Network - Cyware Alerts - Hacker News")
The DEV-0569 threat actor was found abusing Google Ads in ongoing advertising campaigns to deploy malware, exfiltrate victims’ passwords, and breach networks for ransomware attacks. Some of the top programs impersonated by adversaries are Rufus, 7-Zip, FileZilla, LightShot, AnyDesk, LibreOffice, VL ... Read More
New Wave of Database Injection Attacks Compromise WordPress Sites
/https://cyware-ent.s3.amazonaws.com/image_bank/db75_shutterstock_698364331.jpg "New Wave of Database Injection Attacks Compromise WordPress Sites - Cyware Alerts - Hacker News")
The latest wave has been active since December 26, 2022, and over 5,600 websites are impacted by it so far. It has switched from fake CAPTCHA push notification scams to black hat ad networks.
Defend Against Threats with Cyber Fusion
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.
Learn More
Trending Tags
