In June 2024, Kaspersky discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat.
The samples Kaspersky found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server. The researchers noticed that some versions of the backdoor use local IP addresses to connect to C2, which led us to believe the threat may be targeted. This also points to an intention to exploit the backdoor for lateral movement through the victim’s network.
Read more…
Source: Kaspersky
Related:
- Ingram Micro says ongoing outage caused by ransomware attack
July 7, 2025
Ingram Micro, a U.S. technology distributing giant and managed services provider, said on Monday a ransomware attack is the cause of an ongoing outage at the company. The hack began on Thursday, after which the company’s website and much of its network went down. Late on Saturday, the company said in a brief statement that it ...
- Australia’s Qantas says cyber criminal contacts one week after data breach
July 7, 2025
A cyber criminal has made contact with Australia’s Qantas following a data breach last week that exposed personal information of six million customers, a company spokesperson told Reuters on Tuesday. The hacker had targeted a call centre and gained access to a third-party customer service platform containing the customers’ names, email addresses, phone numbers, birth dates ...
- Louis Vuitton Korea says systems breach led to customer data leak
July 4, 2025
A systems breach at Louis Vuitton Korea in June led to the leak of some of customer data including contact information, but did not involve customers’ financial information, the luxury brand’s South Korea unit said on Friday. “We regret to inform that an unauthorized third party temporarily accessed our system resulting in the leak of some ...
- French government hit by Chinese hackers exploiting Ivanti security flaws
July 4, 2025
In late 2024, Chinese state-sponsored threat actors abused multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices to access French government agencies, as well as numerous commercial entities such as telcos, finance, and transportation organizations. The news was recently confirmed by the French National Agency for the Security of Information Systems (ANSSI), which noted threat ...
- The people behind the pixels: why cybersecurity in critical industries is more human than ever
July 3, 2025
When the phone rings at 3am in the world of critical infrastructure cybersecurity, it’s rarely good news. For security professionals protecting water utilities, power grids, and transport networks, these midnight calls often signal that someone, somewhere, is trying to disrupt the services millions depend on. Recent ransomware attacks targeting water treatment facilities remind us that ...
- Taking SHELLTER: a commercial evasion framework abused in the wild
July 3, 2025
Elastic Security Labs is observing multiple campaigns that appear to be leveraging the commercial AV/EDR evasion framework, SHELLTER, to load malware. SHELLTER is marketed to the offensive security industry for sanctioned security evaluations, enabling red team operators to more effectively deploy their C2 frameworks against contemporary anti-malware solutions. SHELLTER, like many other offensive security tools (OSTs), is ...