Positive Technologies detects a series of attacks via Microsoft Exchange Server


While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.

This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.

Source: Positive Technologies




Related:

  • 5 linked to cyber espionage ring arrested in Türkiye

    January 27, 2025

    Authorities arrested five people on cyber espionage charges through a software system uncovered thanks to information from the National Intelligence Organization (MIT), Turkish media reported Monday. An investigation led by the Chief Public Prosecutor’s Office in the capital, Ankara, discovered that a software program known as “Avatar” or “Adalet” (Turkish for “justice”), exclusively designed for attorneys, ...

  • Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data

    January 8, 2025

    Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures. MirrorFace sent emails with attachments containing malware to targeted organizations and individuals to view ...

  • EAGERBEE, with updated and novel components, targets the Middle East

    January 6, 2025

    In a recent investigation into the EAGERBEE backdoor, Kaspersky researchers found that it was being deployed at ISPs and governmental entities in the Middle East. The researchers' analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, the Kaspersky team discovered previously undocumented components (plugins) ...

  • WhatsApp scores historic victory against NSO Group in long-running spyware hacking case

    December 23, 2024

    A U.S. judge has ruled that Israeli spyware maker NSO Group breached hacking laws by using WhatsApp to infect devices with its Pegasus spyware. In a historic ruling on Friday, a Northern California federal judge held NSO Group liable for targeting the devices of 1,400 WhatsApp users, violating state and federal hacking laws as well as ...

  • Cloud Atlas seen using a new tool in its attacks

    December 23, 2024

    Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We’re shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code. When opened, the document downloads a ...

  • Chinese national cyber centre says U.S. hacks stole trade secrets from tech firms

    December 18, 2024

    China’s national internet emergency response centre said on Wednesday it had found and dealt with two incidents of U.S. cyber attacks on Chinese tech firms to “steal trade secrets” since May 2023. The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) said in a statement published on its website that an advanced materials ...