Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- New Report On Suffolk County Cyber Attack Raises Questions
November 6, 2023
The former IT commissioner for the Suffolk County Clerk’s department did not alert county officials that the computer network in the clerk’s office was responding to a “radical malware attack” until eight hours after he was alerted, the Press has learned. The Center for Internet Security (CIS) sent an email at 3 a.m. on Sept. 8, ...
- US sanctions Russian accused of laundering Ryuk ransomware funds
November 6, 2023
The U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars’ worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group. According to an announcement from the U.S. Treasury’s Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova, 37, is accused of using virtual currency exchange transfers and ...
- Allied Pilots Association Hit With Ransomware Attack
November 4, 2023
On October 30, APA experienced a cybersecurity incident referred to by the union as a ransomware attack. In a statement, the Allied Pilots Association explained, “Upon discovery of the incident, we immediately took steps to secure our networks. Our IT team, with the support of outside experts, continues to work nonstop to restore our systems.” This ...
- Infosys subsidiary hit by cyber security attack
November 3, 2023
Infosys announced on Friday, November 3, that its US unit, Infosys McCamish Systems, was impacted by a cyber security event, resulting in the non-availability of certain applications and systems. The IT services major said it is working with a cyber security company to resolve the issue and that it had launched an investigation to identify the ...
- Payola ransomware operator demands remote access to PC
November 3, 2023
The Sonicwall threat research team have recently been tracking a new ransomware family called Payola. This family of ransomware appeared in late August 2023. It is written in .NET and is easy to analyze as it contains no obfuscation. Early variants would append “.Payola” to the names of encrypted files but the current variants use ...
- UK: Huge data breach at Southend-on-Sea City Council
November 2, 2023
Details of over 2,000 staff and councillors have been made public in a council data breach. Southend-on-Sea City Council could face six-figure fines for the mistake. The information disclosed included names, addresses and National Insurance numbers. The council leader has apologised and said that all those affected would be contacted and offered advice and support. ...