In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137.
The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit to target government entities in India. Based on Volexity’s analysis, UTA0137’s campaigns appear to have been successful.
Read more…
Source: Volexity
Related:
- European government systems hit by air-gap malware attack
October 9, 2024
In the last five years, hackers managed to steal sensitive information from air-gapped systems belonging to different European governments on at least three separate occasions. An air-gapped system is a computer or network that is physically isolated from unsecured networks, such as the internet, to prevent unauthorized access and enhance security. Still, crooks managed to steal ...
- U.S. Wiretap Systems Targeted in China-Linked Hack
October 5, 2024
A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to ...
- Internet surveillance firm Sandvine says it’s leaving 56 ‘non-democratic’ countries
September 20, 2024
Sandvine, the makers of surveillance-ware that allowed authoritarian countries to censor the internet and spy on their citizens, announced that it is leaving dozens of “non-democratic” countries as part of a major overhaul of the company. The company, which was founded in Canada, published a statement on Thursday, claiming that it now wants to be “a ...
- UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
September 19, 2024
UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS). A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that Mandiant believes supports several objectives, including its role as a probable initial access provider and its ability to gain ...
- Exotic SambaSpy is now dancing with Italian users
September 18, 2024
In May 2024, kaspersky researchers detected a campaign exclusively targeting victims in Italy. They were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. What sets this campaign apart is that, at various stages of the infection chain, checks are made to ensure that only Italian users are infected. This ...
- TikTok just had the most important two hours of its life
September 16, 2024
Who really controls TikTok’s magical algorithm — the US-based company that runs the app or its Chinese parent, ByteDance? That’s the question that bedeviled a trio of federal judges on Monday charged with deciding whether to allow the implementation of a law that could ultimately result in TikTok being banned for all Americans. After more than ...