Dubbed Enemybot, the botnet appears to be the work of Keksec, an established cybercrime group that specializes in DDoS attacks and cryptocurrency mining. The malware was built using the source code of the Gafgyt (Bashlite) botnet – which leaked in 2015 – with some modules borrowed from the infamous Mirai botnet, including the scanner module…

The malware, described as a modular ICS attack framework and a collection of custom-made tools, can be used by threat actors to target ICS and SCADA devices, including programmable logic controllers (PLCs) from Schneider Electric and Omron, and OPC UA servers. Advisories and blog posts describing the toolset have been released by industrial cybersecurity firm…

Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability, assigned CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute it after changing its permissions with “chmod”. We began seeing malicious activities at the…

The FBI in March targeted and disabled the command and control communications of a botnet controlled by the infamous Russian General Staff Main Intelligence Directorate (GRU) hacking team Sandworm, the US Department of Justice (DoJ) announced today. The botnet used WatchGuard Technologies and ASUSTek Computer (ASUS) firewalls compromised with the so-called Cyclops Blink malware, which…

New research shows the notorious cybercrime group FIN7 to be behind numerous clusters of previously unattributed threat activity spanning several years and targeting organizations in multiple regions and industries. The study by Mandiant shows that the threat actor has shifted from mostly targeting the retail and hospitality sectors to aiming at organizations across a considerably…

Ransomware authors are once again targeting health services, holding important files to ransom and impacting potentially vital services. On this occasion, the victims are a non-profit organisation assisting people with their healthcare needs in California. When Hive ransomware strikes: the victim, Partnership HealthPlan of California, has apparently been struggling since at least March 24 with…

Red Canary’s 2022 Threat Detection Report (PDF) analyzed more than 30,000 confirmed threats across the firm’s customer base. The report notes that ransomware criminals have responded to improving target company backups by introducing sensitive data exfiltration and the threat of exposure (double extortion). “Backups will allow an organization to get back up and running more…

Shortly after Russia launched its invasion of Ukraine, the notorious Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia. In response, an anonymous individual set up a Twitter account named “Conti Leaks” and started releasing files allegedly stolen…

The Austin, Texas-based Rumble on Monday announced it had banked a new $15 million in Series A financing from Decibel Partners and a laundry-list of boldface cybersecurity practitioners. Rumble, created by HD Moore (of Metasploit fame), sells technology to help defenders monitor exposed attack surfaces. The company said the new money will help accelerate go-to-market…