From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- Catching “EC2 Grouper”- no indicators required!
December 30, 2024
Through the years of analyzing identity compromises in the cloud, Fortinet researchers have seen the same attackers pop up regularly, some more frequently than others. Among the more prolific ones they’ve come to know is one they’ve dubbed “EC2 Grouper”. Over the past couple of years, they’ve seen this actor in several dozen customer environments, ...
- U.S. Treasury Department Says Systems Hacked by China-Backed Actor
December 30, 2024
The Treasury Department told lawmakers Monday that a state-sponsored actor in China hacked its systems, accessing several user workstations and certain unclassified documents. The treasury was informed on Dec. 8 by a third-party software service provider, BeyondTrust, that a threat actor used a stolen key to remotely access certain workstations and unclassified documents, according to a ...
- Google Chrome extensions targeted by hackers to steal user passwords
December 30, 2024
Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens. In a statement, the data loss prevention company noted the attack showed signs of being part of a “wider campaign” to target other companies, too. The attack started as many others do ...
- Singapore OSV player Vallianz hit by cyber attack
December 30, 2024
Singapore OSV owner and operator Vallianz has been hit by a cyberattack that has allowed an unknown party unauthorised access to the company’s servers. Upon discovering the ransomware incident, the firm – and its parent company Rawabi Holding Company Limited – took immediate action to identify, contain, and address the incident with the help of external ...
- Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group
December 28, 2024
Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan’s two airports, putting them out of action temporarily, the country’s cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy’s “Russophobes get a well deserved cyber response”. Read more… Source: MSN News Sign ...
- Record-breaking ransoms and breaches: A timeline of ransomware in 2024
December 27, 2024
It was another record-breaking year for ransomware. When file-locking malware wasn’t causing widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life. While governments have struck some rare wins against ransomware hackers over the past 12 months, ...