Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Russia blames mass tech outages on DDoS attack
August 23, 2024
The Russian government has blamed the widespread outage of several popular mobile applications on a distributed denial of service (DDoS) attack. The outage affected a number of messaging apps and online services, including Telegram, WhatsApp, Skype, Wikipedia, Steam, Discord, Twitch, and VKontakte – a Russian social network. However, people in Moscow reported regaining access to services ...
- Europe’s leading solar power grid is ‘vulnerable’ to hackers
August 21, 2024
A recent study by a cybersecurity firm confirmed that the Dutch solar energy grid is vulnerable to multiple types of attacks on its system. A new study by a cybersecurity firm confirmed that one of Europe’s largest solar energy grids is vulnerable to multiple types of attacks on its system. Over a six-month period, researchers with ...
- Security gaps leave local governments vulnerable to a variety of cyber threats
August 21, 2024
Cities and counties are beefing up their IT security, and that makes sense, says Augustine Boateng, interim chief information officer (CIO) in Memphis, Tenn. “It’s important to note that local governments have developed a reputation over the years for having lackluster cybersecurity; and not without good reason. As a result, we’re seeing more and more cyberattacks ...
- Microchip Technologies hit by cyberattack
August 21, 2024
Microchip said an ‘unauthorised party’ disrupted its systems and has impacted its ability to fulfill manufacturing orders. US chipmaker Microchip Technologies has been hit with a cyberattack, disrupting its systems and impacting its manufacturing capabilities. The company revealed the details in a filing with the Securities and Exchange Commission and said it detected “suspicious activity” on ...
- Toyota confirms customer and employee data stolen, says breach at third party to blame
August 21, 2024
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...
- Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
August 20, 2024
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary skills to ...