• An overview of the new Rhysida ransomware targeting the Healthcare sector

    August 9, 2023

    On August 4, 2023, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a security alert about a relatively new ransomware called Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been active since May 2023. In this blog entry, Trend Micro reaseachers will provide details on Rhysida, including its targets and what they know about its infection ...

  • Attackers Distribute Malware via And SYK Crypter

    August 9, 2023

    FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx. FortiGuard Labs analysis also revealed a significant increase in injector ...

  • Code leaks are causing an influx of new ransomware actors

    August 7, 2023

    Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there have been multiple leaks of ransomware source code and builders ...

  • What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

    August 3, 2023

    The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, Kaspersky researchers rely both on samples that they detect and their monitoring efforts, which cover botnets and underground forums. While doing so, the researchers found ...

  • FBI was using advanced hacking software despite White House ban

    August 2, 2023

    Since November of 2021, US-based companies have been barred from doing business with the NSO Group, an Israeli research firm behind some of the most advanced hacking tools the tech world has ever seen. Come to find out, a New York Times investigation from this past April revealed that a US government agency was actively using ...

  • Out of the Sandbox: WikiLoader Digs Sophisticated Evasion

    July 31, 2023

    Proofpoint researchers identified a new malware we call WikiLoader. It was first identified in December 2022 being delivered by TA544, an actor that typically uses Ursnif malware to target Italian organizations. Proofpoint observed multiple subsequent campaigns, the majority of which targeted Italian organizations. WikiLoader is a sophisticated downloader with the objective of installing a second malware ...

  • US officials search for hidden Chinese malware that could affect military operations

    July 29, 2023

    US officials are searching for Chinese malware hidden in various defense systems that could disrupt military communications and resupply operations, The New York Times reported Saturday. The administration believes malicious computer code has been hidden inside “networks controlling power grids, communications systems and water supplies that feed military bases,” officials told the Times. Read more… Source: CNN News  

  • CISA Releases Malware Analysis Reports on Barracuda Backdoors

    July 28, 2023

    CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited ...

  • Uncovering an Iranian mobile malware campaign

    July 27, 2023

    During a recent proactive hunt for malicious mobile malware, Sophos X-Ops researchers from SophosLabs discovered a group of four credential-harvesting apps targeting customers of several Iranian banks. Most of the apps are signed using the same – possibly stolen – certificate, and share various classes and strings. The apps target the following banks: Bank Mellat Bank Saderat Resalat ...

  • Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis

    July 25, 2023

    In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out as a highly sophisticated and persistent malware active since 2007, targeting businesses across different countries. With a primary focus on stealing financial data and login credentials from ...