Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Russian Authorities Arrest 96 in Major Money Laundering Operation
October 3, 2024
In a coordinated effort against cybercrime-related money laundering, Russian authorities have made nearly 100 arrests in connection with an extensive criminal operation involving cryptocurrency exchanges and illegal financial activities. The arrests were part of a nationwide crackdown tied to the UAPS payment system and the Cryptex cryptocurrency exchanges, both of which have been linked to cybercriminals ...
- Key Group: another ransomware group using leaked builders
October 1, 2024
Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ...
- Global Cyber Attacks to Double from 2020 to 2024
October 1, 2024
On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency fuelling risk, predicts that organisations will be hit by 211 disruptive and destructive cyber attacks this ...
- UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cybercrime gang
October 1, 2024
The U.K.’s National Crime Agency has linked a long-standing affiliate of the LockBit ransomware group to the notorious Russia-backed Evil Corp, a cybercrime gang with links to the Russian government. The NCA said on Tuesday that it had unmasked the LockBit affiliate, known as “Beverley,” as Russian national Aleksandr Ryzhenkov, who British authorities believe to be ...
- China: Rast ransomware gang aiming at domestic government and enterprises
September 29, 2024
From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call ...
- Iranian Cyber Actors Targeting Personal Accounts to Support Operations
September 27, 2024
The Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary ...