Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). What is interesting among…

If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this is an opportunity to review your own processes and determine whether you would have detected the…

Making it harder for attackers to know when a system begins to deceive a bad actor

Can you deceive a deceiver? That’s the question that computer scientists at Binghamton University, State University of New York have recently been exploring. Assistant Professor of Computer Science Guanhua Yan and PhD student Zhan Shu are looking at how to make cyber deception a more effective tool against malicious hackers. Their study was inspired by…

Olympic Destroyer: who hacked the Olympics?

Long ago, during the Olympic Games, the participating countries halted their wars and put aside their political disputes. Today, the opposite is increasingly likely. The PyeongChang Winter Olympic Games started with a scandal: unknown hackers attacked the servers just before the opening ceremonies and many spectators were unable to attend the ceremonies as they were unable…

Turla gets ready to target Mac users

The cyber espionage group deploying the Turla (aka Snake, Uroburos, or Agent.BTZ) malware framework is expected to be able to target Mac users soon. The APT group The group, which security researchers named after the tool, has been operating for years, and was first spotted targeting computers running the Windows, then later also Linux users….