From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call Rast ransomware.
After a long time of tracking, QiAnXin Threat Intelligence Center have captured three versions of Rast ransomware, and the versions are still iterating. rast ransomware has a very special logic: after the ransomware is completed, it will upload the machine name and unique identifier of the local machine to the remote mysql database. Through reverse analysis the research team got the mysql database account password and statistics of victims in the database, and found that in just ten months more than 6,800 terminals were controlled.
Read more…
Source: QiAnXin Threat Intelligence Center
Related:
- IT threat evolution Q3 2019
November 29, 2019
Targeted attacks and malware campaigns, Mobile espionage targeting the Middle East At the end of June Kaspersky reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May ...
- Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
November 29, 2019
While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we also found TICK developing new malware families capable of detection ...
- Ransomware: Big paydays and little chance of getting caught means boom time for crooks
November 29, 2019
Ransomware will continue to plague organisations in 2020 because there’s little risk of the cyber criminals behind the network-encrypting malware attacks getting caught; so for them there’s only a small amount of risk, but a potentially large reward. During the last year, there’s been many examples of ransomware attacks where victims have given into the extortion demands of ...
- Hotel front desks are now a hotbed for hackers
November 28, 2019
It seems that any possible way cybercriminals can exploit the hospitality industry, they will. Hotels, restaurant chains, and related tourism services have been subject to a range of techniques when it comes to cybercrime; the compromise of Point-of-Sale (PoS) terminals to harvest guest data, phishing emails sent to staff which are designed to give attackers access ...
- NSO Group President Defends Controversial Tactics
November 27, 2019
In a rare public appearance by Shiri Dolev, the president of the secretive NSO Group Technologies, the company leader vented over what she called “false myths” about the firm. Dolev also took indirect aim at secure messaging platforms, offered by the likes of Facebook, explaining surveillance companies may soon have to step in where law ...
- Exploit code published for dangerous Apache Solr remote code execution flaw
November 25, 2019
Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought. Apache Solr is a Java-based open-source search engine, initially developed to add search functionality to the CNET website. The project was donated to the Apache Software Foundation in 2006, from where ...