Malware


NEWS 
  • Netwalker ransomware hits Pakistan’s largest private power utility

    September 8, 2020

    K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their account. To resolve this ...

  • Newcastle University students’ data held to ransom by cyber criminals

    September 8, 2020

    Newcastle University is being held to ransom by cyber criminals in an attack which has been disrupting IT systems since the beginning of the month. The cyber crime group behind the attack – known as DoppelPaymer – previously leaked documents online relating to Elon Musk’s companies SpaceX and Tesla. The criminals have posted stolen files from the ...

  • France warns of Emotet attacking companies, administration

    September 7, 2020

    The French national cyber-security agency today published an alert warning of a surge in Emotet attacks targeting the private sector and public administration entities throughout the country. French public administration has three sub-sectors: central public administrations (APUC), local government (LUFA), and social security administrations (ASSO). Emotet, originally a run-of-the-mill banking Trojan first spotted in 2014, is now ...

  • Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

    September 4, 2020

    On July 6 and July 9, 2020, we observed files associated with an attack on two state-run organizations in the Middle East and North Africa that ultimately installed and ran a variant of the Thanos ransomware. The Thanos variant created a text file that displayed a ransom message requesting the victim transfer “20,000$” into a ...

  • XCSSET Update: Browser Debug Modes, Inactive Ransomware

    September 4, 2020

    In our first blog post that covered XCSSET, we discussed its relatively unique danger to Xcode developers and the way it took advantage of two macOS vulnerabilities to maximize what it can take from an infected machine. Our research into this incident is still ongoing, and in this blog post, we cover some other aspects of ...

  • Cetus: Cryptojacking Worm Targeting Docker Daemons

    August 27, 2020

    Unsecured Docker daemons have been known to security professionals as a major threat since the early days of containers. Unit 42 recently wrote about Graboid, the first-ever Docker cryptojacking worm and unsecured Docker daemons. I conducted additional research by setting up a Docker daemon honeypot in order to examine how things look for an average ...

  • SunCrypt Ransomware sheds light on the Maze ransomware cartel

    August 26, 2020

    A ransomware named SunCrypt has joined the ‘Maze cartel,’ and with their membership, we get insight into how these groups are working together. In June, we broke the story that the Maze threat actors created a cartel of ransomware operations to share information and techniques to help each other extort their victims. When first started, this cartel ...

  • Transparent Tribe: Evolution analysis, part 2

    August 26, 2020

    Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. This is the second of ...

  • Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites

    August 25, 2020

    It has now become a mainstream tactic for big ransomware groups to create so-called “leak sites” where they upload and leak sensitive documents from companies who refuse to pay the ransomware decryption fee. These “leak sites” are part of a new trend forming on the cybercriminal underground where ransomware groups are adopting a new tactic called ...

  • DarkSide: New targeted ransomware demands million dollar ransoms

    August 21, 2020

    A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies. In a “press release” issued by the threat actors, they claim to be former affiliates who had made millions ...

  • Transparent Tribe: Evolution analysis, part 1

    August 20, 2020

    Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT ...

  • WannaRen ransomware author contacts security firm to share decryption key

    August 19, 2020

    A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen made tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies. Looking back, in retrospect, four months later, WannaRen’s virality can be explained due to the fact that ...

  • Threat Recap: Darkside, Crysis, Negasteal, Coinminer

    August 19, 2020

    In the past few weeks, we have spotted notable developments for different types of threats. For ransomware, a new family named Darkside surfaced, while operators behind Crysis/Dharma released a hacking toolkit. For messaging threats, a targeted email campaign was used to propagate Negasteal/Agent Tesla. Finally, for fileless threats, a coinminer was seen bundled with legitimate applications. Read ...

  • US govt exposes new North Korean BLINDINGCAN backdoor malware

    August 19, 2020

    U.S. government agencies today published a malware analysis report exposing information on a remote access trojan (RAT) malware used by North Korean hackers in attacks targeting government contractors. The malware was identified by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) and is known as known BLINDINGCAN. The trojan was attributed ...

  • New FritzFrog P2P botnet has breached at least 500 enterprise, government servers

    August 19, 2020

    A P2P botnet newly-discovered by researchers has struck at least 500 government and enterprise SSH servers over 2020. On Wednesday, cybersecurity firm Guardicore Labs published research into FritzFrog, a peer-to-peer (P2P) botnet that has been detected by the company’s sensors since January this year. According to researcher Ophir Harpaz, FritzFrog has attempted to brute-force SSH servers belonging ...

  • Dharma RaaS is ‘targeting and menacing’ SMBs

    August 17, 2020

    Dharma ransomware as-a-service (RaaS), which is among the world’s most popular, is being used predominantly to target small and medium-sized businesses (SMBs), according to a new report from Sophos. Offers as a service, Dharma ransomware is available to whoever is willing to pay for its use. User groups (called affiliates) rely “almost entirely” on a menu-driven ...

  • ‘EmoCrash’ Exploit Stoppered Emotet For 6 Months

    August 17, 2020

    A researcher was able to exploit a vulnerability in Emotet – effectively causing the infamous malware to crash and preventing it from infecting systems for six months. Emotet, which first emerged in 2014 and has since then evolved into a full fledged botnet that’s designed to steal account credentials and download further malware, mysteriously disappeared from ...

  • Half of anti-malware products fail to recognize notable threats

    August 17, 2020

    Most popular, well-established cybersecurity solutions do not protect their users from all notable threats, according to new analysis from SE Labs. The security firm tested 14 of the world’s most popular cybersecurity solutions and, while products from Microsoft and Kaspersky Lab scored 100 percent, more than half failed to identify all threats. “While the numbers of ‘misses’ ...

  • Business technology giant Konica Minolta hit by new ransomware

    August 16, 2020

    Business technology giant Konica Minolta was hit with a ransomware attack at the end of July that impacted services for almost a week, BleepingComputer has learned. Konica Minolta is a Japanese multinational business technology giant with almost 44,000 employees and over $9 billion in revenue for 2019. Read more… Source: Bleeping Computer  

  • U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen

    August 15, 2020

    Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel’s, ...