From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call Rast ransomware.
After a long time of tracking, QiAnXin Threat Intelligence Center have captured three versions of Rast ransomware, and the versions are still iterating. rast ransomware has a very special logic: after the ransomware is completed, it will upload the machine name and unique identifier of the local machine to the remote mysql database. Through reverse analysis the research team got the mysql database account password and statistics of victims in the database, and found that in just ten months more than 6,800 terminals were controlled.
Read more…
Source: QiAnXin Threat Intelligence Center
Related:
- N3TW0RM ransomware emerges in wave of cyberattacks in Israel
May 3, 2021
A new ransomware gang known as ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week. Israeli media Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks. Read more… Source: Bleeping Computer
- San Diego: Scripps Health Cyberattack Causes Widespread Hospital Outages
May 3, 2021
Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records ...
- New Buer Malware Downloader Rewritten in E-Z Rust Language
May 3, 2021
A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Using the increasingly popular, efficient and easy-to-use Rust programming language will ...
- Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
May 3, 2021
Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE’s Edgeline Infrastructure Manager (EIM) prior ...
- Suspected Chinese state hackers target Russian submarine designer
April 30, 2021
Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document. The threat actor targeted Rubin Central Design ...
- Microsoft finds memory allocation holes in range of IoT and industrial technology
April 30, 2021
The security research group for Azure Defender for IoT, dubbed Section 52, has found a batch of bad memory allocation operations in code used in Internet of Things and operational technology (OT) such as industrial control systems that could lead to malicious code execution. Given the trendy vulnerability name of BadAlloc, the vulnerabilities are related to ...