News


  • Emerging APT Mounts Mass iPhone Surveillance Campaign

    March 26, 2020

    A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain that targets iOS vulnerabilities in versions 12.1 ...

  • Hacking isn’t canceled: Chinese group attacked Citrix and Zoho during coronavirus lockdown

    March 25, 2020

    A prolific state-backed Chinese cyber espionage operation started 2020 with one of its largest hacking campaigns – even though the coronavirus lockdown in China appeared to have an impact on the group’s output. The global operation by hacking group APT 41 – widely believed to linked to the Chinese government – targeted businesses in telecoms, manufacturing, healthcare, defence, ...

  • Paging A Joint Task Force: Cyber Defense Of Pandemic Medical Infrastructure

    March 24, 2020

    The ongoing global response to COVID-19 infections has become a critical public health, economic, and national security priority. The crisis has been made worse by ransomware and other disruptive intrusion incidents, threatening the continued provision of healthcare services to patients affected by the disease. U.S. Health and Human Services disclosures of known data breaches — even prior ...

  • WildPressure APT targets industrial-related entities in the Middle East

    March 24, 2020

    In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have ...

  • Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats

    March 23, 2020

    There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, ...

  • Hackers breach FSB contractor and leak details about IoT hacking project

    March 20, 2020

    Russian hacker group Digital Revolution claims to have breached a contractor for the FSB — Russia’s national intelligence service — and discovered details about a project intended for hacking Internet of Things (IoT) devices. The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.” Read more… Source: ZDNet  

  • Developing Story: Coronavirus Used in Malicious Campaigns

    March 20, 2020

    The coronavirus disease (COVID-19) is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains.  As the number of those afflicted continue to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing for samples on coronavirus-related malicious campaigns. This report also includes ...

  • UK Department for Business, Energy and Industrial Strategy is looking for organisations who can support in the supply of ventilators and ventilator components

    March 20, 2020

    The Department for Business, Energy and Industrial Strategy (BEIS) is looking for organisations who can support in the supply of ventilators and ventilator components across the United Kingdom as part of the Government’s response to COVID-19. These questions aim to identify the suitability and readiness of organisations to be involved in the initiative. There are three ...

  • New Mirai Variant Targets Zyxel Network-Attached Storage Devices

    March 19, 2020

    As soon as the proof-of-concept (PoC) for CVE-2020-9054 was made publicly available last month, this vulnerability was promptly abused to infect vulnerable versions of Zyxel network-attached storage (NAS) devices with a new Mirai variant – Mukashi. Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful ...

  • Probing Pawn Storm Cyberespionage Campaign Through Scanning, Credential Phishing and More

    March 19, 2020

    Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets. For years, ...

  • The IIoT Threat Landscape: Securing Connected Industries

    March 18, 2020

    The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the vast industrial landscape, the scale of threats likewise grows. With that being said, some components of ...

  • New Variant of Paradise Ransomware Spreads Through IQY Files

    March 18, 2020

    Internet Query Files (IQY) were used to deliver a new variant of Paradise ransomware, as reported by Last Line. The said file type has not been associated with this ransomware family before. In the past, IQY files were typically used in other malware campaigns such as the Necurs botnet that distributes IQY files to deliver FlawedAmmy RAT. Bebloh and Ursnif also spreads ...

  • APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT

    March 17, 2020

    A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. The ...

  • Oxford University infectious disease experts provide evidence for a coronavirus mobile app for instant contact tracing

    March 17, 2020

    For Immediate Release Oxford University – 17 March 2020: A team of medical research and bioethics experts at Oxford University are supporting several European governments to explore the feasibility of a coronavirus mobile app for instant contact tracing. If rapidly and widely deployed, the infectious disease experts believe such an app could significantly help to contain the ...

  • New Ursnif Campaign Targets Users in Japan

    March 17, 2020

    Trend Micro researchers detected a new Ursnif campaign targeting users in Japan. The malware is distributed through infected Microsoft Word documents coming from spam emails. Ursnif, also known as Gozi, is an information stealer that collects login credentials from browsers and email applications. It has capabilities for monitoring network traffic, screen capturing, and keylogging. It is ...

  • Hackers attacked a US health agency’s computer system in an attempt to slow down its COVID-19 response

    March 16, 2020

    As the US ramps up its response to the spread of COVID-19, the Health and Human Services Department was hit with a cyberattack, according to a new report from Bloomberg. Citing three unnamed sources familiar with the matter, Bloomberg reported that the cyberattack aimed to slow down HHS computer systems Sunday night, but were unsuccessful in ...

  • They Come in the Night: Ransomware Deployment Trends

    March 16, 2020

    Ransomware is a remote, digital shakedown. It is disruptive and expensive, and it affects all kinds of organizations, from cutting edge space technology firms, to the wool industry, to industrial environments. Infections have forced hospitals to turn away patients and law enforcement to drop cases against drug dealers. Ransomware operators have recently begun combining encryption with the threat of data leak and exposure in order ...

  • MonitorMinor: vicious stalkerware?

    March 16, 2020

    What is the usual functionality of stalkerware? The most basic thing is to transmit the victim’s current geolocation. There are many such “stalkers”, since various special web resources are used to display coordinates, and they only contain a few lines of code. Often, their creators use geofencing technology, whereby a notification about the victim’s movements is ...

  • The SIM highjackers: how criminals are stealing millions by highjacking phone numbers

    March 13, 2020

    SIM swappers arrested by Spain, Austria and Romania as police gears up against this growing threat It is a common story: the signal bars disappears from their mobile phones, they call the phone number – it rings, but it’s not their phone ringing. They try to login to their bank account, but the password fails. They ...

  • Analysis: Abuse of .NET features for compiling malicious programs

    March 12, 2020

    The .NET framework, a software development framework created by Microsoft and is now a built-in component of Windows, includes components that enable developers to compile and execute C# source code during runtime. This allows programs to update or load modules without having to restart. While the .NET framework is originally intended to help software engineers, cybercriminals ...