From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- Lazarus group evolves its infection chain with old and new malware
December 19, 2024
Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. This attack campaign is called the DeathNote campaign and is also referred to as “Operation DreamJob”. Kaspersky researchers have previously published the history of ...
- U.S. Considers Ban On Chinese Made TP-Link Routers
December 18, 2024
The United States government is taking aim at TP-Link, a Chinese technology company that dominates the home and small-business router market in the U.S., amid mounting national security concerns. With TP-Link holding a significant 65% market share, federal authorities are investigating potential vulnerabilities in the company’s devices that could be exploited by foreign entities for cyberattacks. Read ...
- How the ransomware attack at Change Healthcare went down – a timeline
December 18, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- New Gmail Security Warning For 2.5 Billion – Second Attack Wave Incoming
December 18, 2024
As it issues a warning that a second wave of cyber threats against Gmail users is incoming from very persistent attackers, Google has detailed the specific attack methodologies involved and recommended actions that all 2.5 billion Gmail users employ to stay safe and secure. Here’s what you need to know. Although when compared to last year, ...
- Chinese national cyber centre says U.S. hacks stole trade secrets from tech firms
December 18, 2024
China’s national internet emergency response centre said on Wednesday it had found and dealt with two incidents of U.S. cyber attacks on Chinese tech firms to “steal trade secrets” since May 2023. The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) said in a statement published on its website that an advanced materials ...
- Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
December 18, 2024
C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools. Kaspersky latest investigation unearthed new activity ...