Cicada3301 ransomware, written in Rust, was first reported less than two months ago. Despite its recent emergence, Morphisec threat researchers have already identified striking similarities between Cicada3301 and the infamous BlackCat ransomware.
Like its namesake, the Cicada puzzle, which has long been associated with complex, cyber-related problem-solving, the true identity of the Cicada3301 ransomware developers remains shrouded in mystery.
Read more…
Source: Morphisec
Related:
- FBI: Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code
May 16, 2022
As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the ...
- Ukraine supporters in Germany targeted with PowerShell RAT malware
May 16, 2022
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. The malware campaign uses a decoy site to lure users into fake news bulletins that supposedly contain unreleased information about the situation in Ukraine. These sites offer malicious documents that ...
- Iran-linked Cobalt Mirage extracts money, info from US orgs – report
May 13, 2022
The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks’ threat intelligence team. The cybercriminal gang has been around since June 2020, and its most recent activities have been put into two categories. One, using ransomware to extort money, as illustrated by a strike in ...
- Ukrainian crook jailed in US for selling thousands of stolen login credentials
May 13, 2022
A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers. Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to America. He pleaded guilty on February 22, and ...
- BPFdoor: Stealthy Linux malware bypasses firewalls for remote access
May 12, 2022
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device. The malware does not need to open ports, it can’t ...
- APT34 hackers exposed in a highly targeted espionage campaign
May 12, 2022
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools. The attack involved advanced anti-detection and anti-analysis techniques and had some characteristics that indicate lengthy and careful preparation. Security researchers at Fortinet have gathered evidence and artifacts from the attack ...