More than 600 servers worldwide have been subjected to recent attacks with the Androxgh0st malware, reports Hackread.
The U.S., India, and Taiwan accounted for the bulk of the impacted servers, which were compromised by Androxgh0st malware operators through web shells deployed via the exploitation of several security vulnerabilities, including CVE-2019-2725, CVE-2021-3129, and CVE-2024-1709, a report from Veriti Research revealed.
Read more…
Source: SC Media
Related:
- Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
November 20, 2024
Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least ...
- Сrimeware and financial cyberthreats in 2025
November 14, 2024
Kaspersky’s Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. Kaspersky researchers also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware families that are financially motivated. These observations, as part of our Kaspersky Security ...
- Ymir: new stealthy ransomware in the wild
November 11, 2024
In a recent incident response case, Kaspersky researchers discovered a new and notable ransomware family in active use by the attackers, which they named “Ymir”. The artifact has interesting features for evading detection, including a large set of operations performed in memory with the help of the malloc, memmove and memcmp function calls. In the case ...
- GoZone Ransomware Adopts Coercive Tactics to Extract Payment
November 4, 2024
This week, the SonicWall Capture Labs threat research team analyzed a ransomware that not only encrypts files but also accuses the victim of harboring explicit content on their computer and then threatens to turn it over to authorities if ransom is not paid. Extortion attacks often come as unsolicited emails, and GoZone has stooped to pretending ...
- Bucharest’s District 5 City Hall hit by ransomware attack
October 28, 2024
The District 5 City Hall of Bucharest announced on October 26 that it was the target of a cyber attack that hit its servers. The hackers demanded USD 5 million in ransom, but mayor Cristian Popescu Piedone said he would not pay. “This morning (e.n. October 26), the District 5 City Hall employees reported that the ...
- Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
October 16, 2024
From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics. In ...