North Korean Hackers Targeting IT Supply Chain: Kaspersky
As part of the observed attacks, the group used an updated DeathNote malware cluster, which includes a slightly modified version of BLINDINGCAN, a piece of malware that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) associated with the group. A new variant of COPPERHEDGE, which Lazarus has been using for at least two years, was…
Researcher Explains Wi-Fi Password Cracking at Scale
Conducted in Tel Aviv, the researcher’s experiment showed just how easy an attacker could hack into home and enterprise networks, by simply walking around a city with the right equipment in hand. For his experiment, CyberArk’s Ido Hoorvitch used an AWUS036ACH ALFA Network card, which costs around $50, and provides both monitoring and packet injection…
Two Bulletproof Hosting Administrators Sentenced to Prison in U.S.
Between 2009 and 2015, the two individuals – Aleksandr Skorodumov, 33, of Lithuania, and Pavel Stassi, 30, of Estonia – served as administrators for an organization that offered bulletproof hosting to malware families such as Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The organization, which was founded and led by Russian nationals Aleksandr Grichishkin…
Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.
The alert was issued by the FBI, CISA, the EPA and the NSA. The agencies are aware of attacks — launched by both known and unknown threat actors — against the IT and OT (operational technology) networks of water facilities. The agencies noted that while cyber threats are increasing across critical infrastructure sectors, the latest…
Nations Vow to Combat Ransomware at US-Led Summit
The United States gathered the countries — with the notable exception of Russia — to unify and boost efforts to fight a cybercrime that is transnational, on the rise and potentially devastating. “The threat of ransomware is complex and global in nature and requires a shared response,” the joint summit statement said, adding the nations…
Russia-Linked TA505 Back at Targeting Financial Institutions
The attacks target organizations across multiple sectors in Canada, the United States, Hong Kong, Europe, and more, and have seen low detection rates in Google’s VirusTotal scanning engine. Dubbed MirrorBlast, the campaign started in early September, following similar activity in April 2021, Morphisec’s security researchers reveal. The infection chain starts with a malicious document delivered…
Necro Python Botnet Starts Targeting Visual Tools DVRs
First discovered in January this year, Necro Python is also tracked as N3Cr0m0rPh, FreakOut, Python.IRCBot and is known for attempting to exploit multiple known vulnerabilities. In late September, the botnet added to its arsenal an exploit targeting a security vulnerability in Visual Tools DVR VX16 4.2.28.0, according to a warning from Juniper Threat Labs. Based…
Lots and Lots of Bots: Looking at Botnet Activity in 2021
Botnets continue to be a major problem for cybersecurity teams. With the growth in sophisticated threats, botnets are becoming more malicious, sometimes able to create hundreds of thousands of drones that can attack a variety of machines, including Mac systems, Linux, Windows systems, edge devices, IoT devices, and so on. Examining threat trends around botnet…
FontOnLake Linux Malware Used in Targeted Attacks
Dubbed FontOnLake, the malware family employs a rootkit to conceal its presence and uses different command and control servers for each sample, which shows how careful its operators are to maintain a low profile. What’s more, the malware developers are constantly modifying the FontOnLake modules, and use three categories of components that have been designed…
Aggressive Ransomware Group FIN12 Moves Fast, Targets Big Companies
The threat group, tracked until now by Mandiant as UNC1878, has been around since at least October 2018. The UNC classification is assigned to “uncategorized” entities before the cybersecurity firm can determine with certainty if it’s a financially-motivated group (FIN) or a state-sponsored advanced persistent threat actor (APT). The threat group, tracked until now by…
