From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call Rast ransomware.
After a long time of tracking, QiAnXin Threat Intelligence Center have captured three versions of Rast ransomware, and the versions are still iterating. rast ransomware has a very special logic: after the ransomware is completed, it will upload the machine name and unique identifier of the local machine to the remote mysql database. Through reverse analysis the research team got the mysql database account password and statistics of victims in the database, and found that in just ten months more than 6,800 terminals were controlled.
Read more…
Source: QiAnXin Threat Intelligence Center
Related:
- China-linked TA428 Continues to Target Russia and Mongolia IT Companies
March 17, 2021
Recorded Future’s Insikt Group recently identified renewed activity attributed to the suspected Chinese threat activity group TA428. The identified activity overlaps with a TA428 campaign previously reported by Proofpoint as “Operation LagTime IT”, which targeted Russian and East Asian government information technology agencies in 2019. Based on the infrastructure, tactics, and victim organization identified, we ...
- Cybercriminals Are Making, and Demanding, More Money Than Ever
March 17, 2021
Ransomware is one of the top threats in cybersecurity and a focus area for Palo Alto Networks. The global threat intelligence team (Unit 42) and incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report to provide the latest insights on the top ransomware variants, ransomware payment trends ...
- Hackers are targeting telecoms companies to steal 5G secrets
March 16, 2021
A cyber-espionage campaign is targeting telecoms companies around the world with attacks using malicious downloads in an effort to steal sensitive data – including information about 5G technology – from compromised victims. Uncovered by cybersecurity researchers at McAfee, the campaign is targeting telecommunications providers in Southeast Asia, Europe and the United States. Dubbed Operation Diànxùn, researchers ...
- Spectre proof-of-concept shows how dangerous side-channel attacks against JavaScript engine can be
March 15, 2021
Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser’s JavaScript engine to leak information from its memory. Google in 2018 detailed two variants of Spectre, one of which – dubbed variant 1 (CVE-2017-5753) – concerned Javascript exploitation against browsers. Spectre targeted the process in modern ...
- New Mirai Variant Targeting Network Security Devices
March 15, 2021
On Feb. 23, 2021, one of the IPs involved in the attack was updated to serve a Mirai variant leveraging CVE-2021-27561 and CVE-2021-27562, mere hours after vulnerability details were published. On March 3, 2021, the same samples were served from a third IP address, with the addition of an exploit leveraging CVE-2021-22502. Furthermore, on March ...
- COVID-19: Examining the threat landscape a year later
March 15, 2021
A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to shut their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, and the vast majority of ...