From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call Rast ransomware.
After a long time of tracking, QiAnXin Threat Intelligence Center have captured three versions of Rast ransomware, and the versions are still iterating. rast ransomware has a very special logic: after the ransomware is completed, it will upload the machine name and unique identifier of the local machine to the remote mysql database. Through reverse analysis the research team got the mysql database account password and statistics of victims in the database, and found that in just ten months more than 6,800 terminals were controlled.
Read more…
Source: QiAnXin Threat Intelligence Center
Related:
- XDR investigation uncovers PlugX, unique technique in APT attack
January 20, 2021
Advanced persistent threats (APT) are known — and are universally dreaded — for their stealth. Actors behind such attacks actively innovate their techniques to evade detection and ensure that they maintain a foothold inside an environment as long as possible. Through the Apex One with Endpoint Sensor (iES), we discovered one such incident wherein an ...
- Bugs in Signal, Facebook, Google chat apps let attackers spy on users
January 20, 2021
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users’ surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now ...
- Cyberattack fears raise the alarm in Eastern European countries
January 20, 2021
The cyberattacks that targeted multiple US government agencies and companies in recent months have raised the alarm in developing Eastern European countries regarding their own cybersecurity capabilities. During the past year, some of them, like North Macedonia, have already experienced breaches of their state IT systems: last summer, the country had its electoral process disrupted by ...
- A Chinese hacking group is stealing airline passenger details
January 20, 2021
A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a threat actor that the cyber-security has been tracking under the name of Chimera. Believed to be operating ...
- Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager
January 20, 2021
Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. SD-WAN are software products that help manage wide-area networks (WAN) while Smart Software Manager is a cloud-based management solution for Cisco licenses. Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs ...
- Improving Your Security Posture with the Pipeline Cybersecurity Initiative
January 19, 2021
A few years ago, I worked alongside some oil commodity traders. Environmental concerns aside, I never realized how many parts were required to get the oil out of the ground, not to mention everything else that finally resulted in the production of refined products that surround our lives. As a cybersecurity professional, I was more ...