Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Jamaica: Police charge 6 people in connection with cyber attack on account of bank customer
December 7, 2024
The six people arrested last week in connection with a multi-million dollar cyber attack on the account of a customer of the National Commercial Bank, have been charged. This was disclosed by Dane Nicholson, Head of the Anti-Fraud Committee of the Jamaica Banker’s Association, who said the suspects were charged on Thursday and are booked to ...
- Europol: Fraudulent shopping sites tied to cybercrime marketplace taken offline
December 5, 2024
Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by law enforcement authorities across Europe, over 50 servers were seized, significant digital evidence was secured, ...
- Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
December 4, 2024
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024, followed by an update in August 2024, when the operators updated their tactics and malware payloads ...
- NCA disrupts $multi-billion Russian money laundering networks with links to, drugs, ransomware and espionage, resulting in 84 arrests
December 4, 2024
An international NCA-led investigation – Operation Destabilise – has exposed and disrupted Russian money laundering networks supporting serious and organised crime around the world: spanning from the streets of the UK, to the Middle East, Russia, and South America. Investigators have identified two Russian-speaking networks collaborating at the heart of the criminal enterprise; Smart and TGR. ...
- 63% of companies plan to pass data breach costs to customers
December 4, 2024
The rising practice of shaking down customers to pay for security shortfalls could have a silver lining for CISOs, as diluted price competitiveness could convince top brass of the ROI of cybersecurity investments. Consumers may be more on the hook for paying for the rising costs of data breaches than they realize, as companies increasingly turn ...
- Ireland: Woman, 20s, arrested over potential data breach at utility service provider
December 4, 2024
A woman has been arrested over a potential data breach at a national utility service provider last year. The woman, aged in her 20s, was arrested yesterday and is detained at a garda station in Dublin. The potential breach was identified by members of the Garda National Cyber Crime Bureau in 2023. It was referred to ...