Malware

October 1, 2024

On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency fuelling risk, predicts that organisations will be hit by 211 disruptive and destructive cyber attacks this ...

September 29, 2024

From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call ...

September 23, 2024

In late August 2024, Kaspersky researchers attention was drawn to a Spotify mod called Spotify Plus, version 18.9.40.5. At the time of writing this, the mod could be downloaded from spotiplusxyz and several related sites that linked to it. The original website claimed that the mod was certified, safe, and contained numerous additional features not found ...

September 18, 2024

Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, ...

September 18, 2024

In May 2024, kaspersky researchers detected a campaign exclusively targeting victims in Italy. They were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. What sets this campaign apart is that, at various stages of the infection chain, checks are made to ensure that only Italian users are infected. This ...

September 18, 2024

The Justice Department today announced a court-authorized law enforcement operation that disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide. As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity ...

September 9, 2024

In July 2024, Kaspersky researchers discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. The newly discovered Loki agent is a Mythic-compatible version of the agent for ...

September 6, 2024

Intellexa Group’s Predator spyware has experienced a resurgence in activity following a decline spurred by sanctions imposed by the Biden administration, reports The Record, a news site by cybersecurity firm Recorded Future. Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and ...

September 6, 2024

Since the beginning of 2024, Trend Micro have been receiving incident response cases from Taiwan. Trend Micro researchers track this unidentified threat cluster as TIDRONE. Their research reveals that the threat actors have shown significant interest in military-related industry chains, particularly in the manufacturers of drones. Furthermore, telemetry from VirusTotal indicates that the targeted countries are ...

September 5, 2024

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm ...