From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS
January 17, 2025
QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper ...
- CIA employee pleads guilty over leak of classified Israeli plans
January 17, 2025
A CIA employee who was accused of leaking classified documents about Israel’s plans to strike Iran pleaded guilty on Friday to criminal charges that he willfully retained and transmitted national defense information, the U.S. Department of Justice said. In pleading guilty, Asif William Rahman, who worked at the U.S. intelligence agency since 2016, acknowledged that he ...
- Mercedes-Benz Head Unit security research report
January 17, 2025
This report covers the research of the Mercedes-Benz Head Unit, which was made by Kaspersky team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). The researchers performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab. Their report is a good starting point for diving deep into the MBUX ...
- Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches
January 16, 2025
The prolific Clop ransomware gang has named dozens of corporate victims it claims to have hacked in recent weeks after exploiting a vulnerability in several popular enterprise file transfer products developed by U.S. software company Cleo. In a post on its dark web leak site, seen by TechCrunch, the Russia-linked Clop gang listed 59 organizations it ...
- How to Mitigate the Risk of Rogue Employees
January 16, 2025
Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to map office layouts, identify vulnerable devices, and even plant malware during site visits. Read more… Source: Rapid7 Sign up ...
- PlugX malware deleted from thousands of systems by FBI
January 16, 2025
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers. PlugX has been around since at least 2008 but is under ...